This new Trojan takes things a step further by actually recording phone calls to local storage in the AMR format before uploading them to a server specified by the attacker.
The Trojan dubs itself the "Android System Messenger" and asks for permission upon installation to be allowed to intercept outgoing calls. This should act as a warning for users, but the truth is most users see these messages all too often and end up just ignoring them. The same problem is seen with User Account Control prompts on Windows, where users allow a program to execute even if they have no idea what it is.
When installed, the malware drops a configuration file to the device, which includes information on the remote server to which the files are uploaded. When a call is made, the conversation is recorded to a .amr file located in a directory "shangzhou/callrecord". The directory name hints at a Chinese origin for the malware.
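For triage of a device's pulled storage, the directory and file format described above can be checked directly. The following is an added example, not code from the original article: it walks an extracted file tree, flags anything under "shangzhou/callrecord", and confirms AMR content by its standard file header. The `sdcard` parent folder, the file names and the `amr-elsewhere` label are assumptions made for illustration.

```python
import os
import tempfile

IOC_DIR = ("shangzhou", "callrecord")  # directory named on the page
AMR_MAGICS = ((b"#!AMR-WB\n", "AMR-WB"), (b"#!AMR\n", "AMR-NB"))  # standard AMR headers

def amr_kind(path):
    """Return 'AMR-NB' or 'AMR-WB' if the file starts with an AMR magic, else None."""
    with open(path, "rb") as fh:
        head = fh.read(9)
    return next((kind for magic, kind in AMR_MAGICS if head.startswith(magic)), None)

def in_ioc_dir(rel_path):
    """True if the file's parent directories contain shangzhou/callrecord in sequence."""
    dirs = [p.lower() for p in rel_path.split("/")[:-1]]
    return any(tuple(dirs[i:i + 2]) == IOC_DIR for i in range(len(dirs) - 1))

def scan(root):
    """Walk an extracted storage tree; return sorted (relpath, kind, reason) hits."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            kind = amr_kind(full)
            if in_ioc_dir(rel):
                hits.append((rel, kind or "not-AMR", "ioc-directory"))
            elif kind:
                hits.append((rel, kind, "amr-elsewhere"))  # weak signal: review only
    return sorted(hits)

def demo():
    """Build a constructed sample tree (file names are made up) and scan it."""
    samples = {
        "sdcard/shangzhou/callrecord/rec1.amr": b"#!AMR\n\x04\x00",
        "sdcard/shangzhou/callrecord/rec2.amr": b"#!AMR-WB\n\x04",
        "sdcard/Music/song.mp3": b"ID3\x03",
        "sdcard/Recordings/memo.amr": b"#!AMR\n\x04",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, data in samples.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
        return scan(root)

if __name__ == "__main__":
    for hit in demo():
        print(hit)
```

AMR files outside the flagged directory are reported separately because legitimate voice recorders also produce them; only the directory match is tied to this Trojan.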
The amount of malware targeting Android has exploded in the past year, due to the heavy use of "unauthorized" app markets, though the number of dodgy applications found even in Google's market has also increased dramatically. Android's wide usage globally also gives malware peddlers every incentive to target it.