Reportedly, the malware worked as intended when it was tested in a controlled environment – a pair of Android emulators were hooked up together over a simulated network. When a call was placed between them, the entire conversation was recorded in the form of an AMR file stored on the virtual device's microSD card. Further changes that the virus makes to the device's configuration make it possible for the stored files to be uploaded over to a remote server, which the alleged attacker is supposed to have access to.
It has been pointed out that this new piece of mobile malware is considerably more advanced than the rest of Android viruses that have been observed so far. Until now, the most that any malicious app could do in terms of spying on you was to log the time and duration of your phone calls in a simple text file, yet no malware capable of recording actual phone conversations had been reported prior to this case.
That being said, one should always be careful when downloading apps from dubious sources as there is no way to know how safe the software is exactly. It may sound disturbing, but chances are that we will be hearing more and more about malware threats targeted at smartphones from now on.
source: CA Technologies via Electronista