Researcher Uncovers Android Trojan That Records Phone Calls

A newly discovered Android Trojan can record not just the times and numbers for incoming and outgoing calls like its predecessors did, but the actual calls themselves.

The malware, which was uncovered by a CA Technologies researcher, records calls in AMR format, and then stores the recorded call in a directory listed as shangzhou/callrecord on the SD Card. The malware also drops a configuration file that contains key information about a remote server and the parameters necessary to communicate with it. It's possible, therefore, that the malware can upload the recorded calls to a server maintained by the attacker.

The Trojan was tested in "a controlled environment with two mobile emulators running along with simulated Internet services," according to the researcher. Apparently, the Trojan requires manual acceptance to install, infecting a system only if the Android device owner taps the "install" button on screen that looks a lot like the installation screens of legitimate apps.

Once infected by the Trojan, every phone call triggers the malware to begin recording the call and storing it on the device's SD card.


While Apple has taken criticism for somewhat draconian App Store approval processes, those processes mean that the store's apps are curated and malware rarely gets into the marketplace. While the Android Market is much more open, it has also been hit with a few malware submissions previously, including malware disguising itself as valid apps. As always, this is a good reminder for users of either OS: use discretion when downloading unknown or untrusted applications.