Be warned!!! A New Android Malware Is Out

Security researchers at Cisco Talos have uncovered variants of a new Android Trojan that are being distributed in the wild disguised as a fake anti-virus application named “Naver Defender.”

Named KevDroid, the malware is a remote administration tool (RAT) designed to steal sensitive information from compromised Android devices, and it is also capable of recording phone calls.

Talos researchers published technical details on Monday about two recent variants of KevDroid detected in the wild, following the initial discovery of the Trojan by South Korean cybersecurity firm ESTsecurity two weeks ago.

Though researchers haven’t attributed the malware to any hacking or state-sponsored group, South Korean media have linked KevDroid with the North Korean state-sponsored cyber espionage hacking group “Group 123,” primarily known for targeting South Korean targets.

The most recent variant of KevDroid malware, detected in March this year, has the following capabilities:

steal web history and files
gain root access
steal call logs, SMS, emails
collect the device’s location every 10 seconds
collect a list of installed applications
record phone calls & audio

The malware uses an open source library, available on GitHub, to gain the ability to record incoming and outgoing calls from the compromised Android device.

Although both malware samples have the same capabilities of stealing information on the compromised device and recording the victim’s phone calls, one of the variants even exploits a known Android flaw (CVE-2015-3636) to get root access on the compromised device.
All stolen data is then sent to an attacker-controlled command and control (C2) server, hosted on PubNub global Data Stream Network, using an HTTP POST request.

“If an adversary were successful in obtaining some of the information KevDroid is capable of collecting, it could result in a multitude of issues for the victim,” resulting in “the leakage of data, which could lead to a number of things, such as the kidnapping of a loved one, blackmail by using images or information deemed secret, credential harvesting, multi-factor token access (SMS MFA), banking/financial implications and access to privileged information, perhaps via emails/texts,” Talos says.

“Many users access their corporate email via mobile devices. This could result in cyber espionage being a potential outcome for KevDroid.”
Researchers also discovered another RAT, designed to target Windows users, that shares the same C&C server and also uses the PubNub API to send commands to the compromised devices.

How to Keep Your Smartphone Secure

Android users are advised to regularly review the apps installed on their devices and remove any malicious, unknown or unnecessary app that appears in the list without their knowledge or consent.

Such Android malware can be used to target your devices as well, so if you own an Android device, you are strongly recommended to follow these simple steps to help avoid this happening to you:

Never install applications from 3rd-party stores.
Ensure that you have already opted for Google Play Protect.
Enable ‘verify apps’ feature from settings.
Keep “unknown sources” disabled while not using it.
Install anti-virus and security software from a well-known cybersecurity vendor.
Regularly back up your phone.
Always use an encryption application for protecting any sensitive information on your phone.
Never open documents that you are not expecting, even if it looks like it’s from someone you know.
Protect your devices with a PIN or password lock so that nobody can gain unauthorized access to your device when it is left unattended.
Keep your device always up-to-date with the latest security patches.
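
One way to carry out the app review and the third-party-store check above from a computer, as an added example (not from Talos or the original article): it assumes USB debugging with `adb` and treats Google Play (`com.android.vending`) as the only approved installer. The package names in the sample output are constructed.

```python
import re
import subprocess

# Installer package names treated as trusted. com.android.vending is Google Play;
# assumption: Play is the only approved store. Extend the set for a managed fleet.
TRUSTED_INSTALLERS = {"com.android.vending"}

LINE_RE = re.compile(r"^package:(?P<pkg>\S+)(?:\s+installer=(?P<installer>\S+))?\s*$")


def parse_pm_list(output):
    """Parse `pm list packages -i` output into {package: installer or None}."""
    apps = {}
    for line in output.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip blank lines and adb warnings
        installer = m.group("installer")
        apps[m.group("pkg")] = None if installer in (None, "null") else installer
    return apps


def flag_untrusted(apps, trusted=TRUSTED_INSTALLERS):
    """Return sorted (package, installer) pairs not installed by a trusted store."""
    return sorted((p, i) for p, i in apps.items() if i not in trusted)


def audit_device():
    """Query a USB-connected device; -3 limits the list to user-installed apps."""
    out = subprocess.run(
        ["adb", "shell", "pm", "list", "packages", "-i", "-3"],
        capture_output=True, text=True, check=True,
    ).stdout
    return flag_untrusted(parse_pm_list(out))


# Constructed sample output (package names are made up for illustration).
SAMPLE = """\
package:com.example.mail  installer=com.android.vending
package:com.example.defender  installer=null
package:com.example.game  installer=com.example.altstore
package:com.example.notes  installer=com.android.vending
"""

if __name__ == "__main__":
    for pkg, installer in flag_untrusted(parse_pm_list(SAMPLE)):
        print(f"review: {pkg} (installer: {installer or 'none / sideloaded'})")
```

A flagged package is a prompt for manual review, not proof of malware: apps installed from an APK file or over `adb` legitimately show no installer.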



Adeniyi Salau
