According to Dinesh Venkatesan, this particular trojan records conversations in the AMR format, as allowed by the permissions the user has approved.
Venkatesan says that, in view of the fact that the trojan asks Android users for permission to record the calls, he recommends that users always take time to review the permissions requested on all apps.
Once the malware is installed on the victim's Android device, he says it drops a 'configuration' file that contains key information about the remote server and the parameters.
In order to better observe the payload in action, the Computer Associates researcher says that he installed the malware in a controlled environment, with two mobile emulators running on a PC system along with simulated internet services.
"As the conversation goes on, the trojan stores the recorded call in a directory shangzhou/callrecord in the SDCard", he says in his latest security posting.
The conclusions that Venkatesan draws are that, whilst 2011 has become the year of mobile malware, he advises that smartphone users need to be more careful when installing apps, and exercise basic security principles when surfing the mobile internet - and especially when installing any applications.