The malware activates when a compromised smartphone makes a call. It’s recorded as an audio file on the phone’s microSD card, and then sent to a remote server after the call is complete. Other information about the call, including when the call was placed and the call’s duration, is also recorded and packaged for delivery to the server.
That’s the bad news. The good news is that the malware wasn’t detected in active use on phones, but rather on an online malware channel, which could mean it is being developed but not yet deployed. A bug in the code that prevents the audio file from being properly sent also indicates that this threat isn’t finished, though it could be fixed and deployed.
While the permissions do clearly state that the malware wants access to phone calls, there are many legitimate reasons why this might be requested. Disguising this threat as an innocent recording utility, for example, would not be difficult. This would even justify the audio files, making it unlikely that even experienced users would notice a problem.
Source: Ars Technica
More articles about: