The Register: Security researchers at CA say they have discovered an Android Trojan that actually records phone calls that can later be uploaded to a remote server. While previous pieces of malware had the ability to log calls, the ability to record calls is new.
The researchers say that the Trojan cannot spread on its own–Android users must download the file and give it permission to record audio and perform other functions. They caution users to be careful about which apps they download.