Mobile Threat Monday: Android App Steals Text Messages and Calls

Each week on Mobile Threat Monday, we look at a different nasty application targeting mobile devices. This week, security company F-Secure tipped us to an Android app that is very interested in your phone calls and SMS messages. In fact, it watches all your communications, and even uploads phone recordings for reasons unknown.
Message Snoop
According to F-Secure, the malicious app is dressed up like a system settings application. It even request device admin access, meaning it's capable of locking you out of your device entirely.
But this app seems more interested in your messages. It watches SMS and phone calls, checking to see if any phones numbers have a Korean code prefix (specifically, +82). If it detects one, it clears that number from your phone's log. It can also send SMS messages on its own.
Scariest of all, the app records phone calls, SMS messages, phone numbers, and network data, and uploads its stolen data to a remote server.
What's It Doing?
In their analysis, F-Secure didn't speculate about the malware's goal. That's understandable, because the behaviors are pretty odd. Clearing call logs of specific numbers and sending SMS messages sounds like some kind of premium SMS scam, where victims are nickel and dimed with small charges made via surreptitiously sent messages. Such malware relies on geographically-locked shortcodes to send SMS messages. That might explain why the app profiled by F-Secure checks for a Korean code prefix.
On the other hand, this malicious app is also interested in very personal information—like recordings of phone calls. This suggests something more targeted, something more along the lines of a login-capturing Trojan or a legal-ish spyware app installed by a jealous spouse.
How To Stay SafeWhatever the app is doing it's not the kind of thing you want on your phone. Unfortunately, F-Secure isn't sure where the app is coming from. If it's run-of-the-mill malware, then it's probably lurking in third party app stores. If it's a more targeted tool, it's likely being sent around by bad guys/creepy boyfriends. Either way, the remedy is the same: don't sideload apps. By default, your Android won't let you install apps from "unknown sources," and it's best to keep it that way.
Android security apps like Editors' Choice winners avast! Mobile Security & Antivirus and Bitdefender Mobile Security and Antivirus can also help keep your phone safe with malware detection and numerous other security tools. For its part, Google bakes in a number of unique security tools to help protect your device even when you're installing apps from outside Google Play.
Lastly, use some common sense when installing any application and read over the list of requested permissions. After all, you never know when an app might be listening to you.