A new Trojan horse app has emerged to target Android devices, and this one’s particularly creepy. The app records a user’s phone calls and then uploads them to a remote server. The app was revealed Tuesday by security researcher Dinesh Venkatesan on the Security Advisor Research Blog, published by CA Technologies, now known as Total Defense. While this particular Trojan doesn’t appear to be a threat in the wild (at least not for North American users), it’s a good reminder of the growing threat of mobile malware.
It’s just sad that we need a damn firewall on our smartphones nowadays. I’m not saying this as a rant about how insecure these phones are, as this probably can’t be helped… just grieving over the sad state of humanity that this is even necessary. Way too many assholes in the world.
These guys are nothing next to large companies lobbies and banks. That’s what’s really sad.
Don’t install junk.
I’d like to note as well that this is another advertisement article for a company selling “security software” for Android.
I dislike those quite a bit and I wonder how it’s linked on OSNews.
Agreed. Also, from what I’ve heard, this app can hardly be called “malware”, as it’s just a normal app that you have to install manually and asks your permission to your data, just like any other app.
I think you are confusing the term malware with virus, but I agree with your sentiment.
Most of the article’s advice is for laymen. And while it’s important that much of it be followed, I have some issues with the information presented:
1. Security software can only do much to protect you if it has root access — because you have to assume that your malware will.
2. Locking your phone doesn’t protect your stolen device much if you’re one of the plethora of people who leave USB debugging enabled OR install APK files that they’ve backed up on their unencrypted SD card. No special equipment required.
3. None of this takes into account more significant efforts. The malware that can be subverted by the article’s recommended steps is hardly visionary. See: http://bit.ly/mkDUVM (this article is apparently more poignant than I originally gave it credit for, as after mentioning it in a comment on Android Central, the comment was removed and my account was disabled).
One could allow the mobile device vendor to vet and approve each app before allowing the user to install it. This is the simplest solution and in practice very effective.
Nah, that still doesn’t work 100%. Better yet is to use something like the N900 that actually has a community repository and a testing environment that weeds out all the nasties.
That and it runs a REAL Linux distribution rather than just a Linux Kernel with a Java VM.