There is a new bit of malware malfeasance attacking 'Andy'. This new Trojan does something that we haven't seen before; it is able to record phone calls while also recording your data. This Trojan stores its .AMR files locally on your phone's external storage. An additional configuration file installed by the infection gives remote server access to the creators of the app. This allows them to retrieve the recordings from your phone’s microSD card.
The easiest way to spot the infection is that it requests an excessive number of permissions, including the ability to record phone calls. This should obviously send up a "red flag" alert in your mind, but we need to warn all of our less tech-savvy friends and family members. The ZDNet article sums up nicely how we can educate others,
Ask yourself - does this app really need all these capabilities? If in doubt, say no!
Source: Android.net via PhanDroid and ZDNet