Dubbed KevDroid, the malware is a remote direction tool (RAT) designed to pocket sensitive information from compromised Android devices, equally good equally capable of recording telephone calls.
Talos researchers published Mon technical details most 2 recent variants of KevDroid detected inwards the wild, next the initial discovery of the Trojan past times South Korean cybersecurity theatre ESTsecurity 2 weeks ago.
Though researchers haven't attributed the malware to whatever hacking or state-sponsored group, South Korean media convey linked KevDroid alongside Democratic People's Republic of Korea state-sponsored cyber espionage hacking grouping "Group 123," primarily known for targeting South Korean targets.
The most recent variant of KevDroid malware, detected inwards March this year, has the next capabilities:
- record telephone calls & audio
- steal spider web history in addition to files
- gain root access
- steal telephone telephone logs, SMS, emails
- collect device' place at every 10 seconds
- collect a listing of installed applications
Malware uses an opened upward source library, available on GitHub, to arrive at the might to tape incoming in addition to outgoing calls from the compromised Android device.
All stolen information is in addition to therefore sent to an attacker-controlled command in addition to command (C2) server, hosted on PubNub global Data Stream Network, using an HTTP POST request.
"If an adversary were successful inwards obtaining around of the information KevDroid is capable of collecting, it could outcome inwards a multitude of issues for the victim," resulting inwards "the leakage of data, which could Pb to a number of things, such equally the kidnapping of a loved one, blackmail past times using images or information deemed secret, credential harvesting, multi-factor token access (SMS MFA), banking/financial implications in addition to access to privileged information, maybe via emails/texts," Talos says.
"Many users access their corporate electronic mail via mobile devices. This could outcome inwards cyber espionage existence a potential effect for KevDroid."Researchers also discovered around other RAT, designed to target Windows users, sharing the same C&C server in addition to also uses PubNub API to ship commands to the compromised devices.
How to Keep Your Smartphone Secure
Android users are advised to regularly cross-check apps installed on their devices to regain in addition to take if whatever malicious/unknown/unnecessary app is at that topographic point inwards the listing without your noesis or consent.
Such Android malware tin give the axe last used to target your devices equally well, therefore yous if ain an Android device, yous are strongly recommended to follow these unproblematic steps to attention avoid this happening to you:
- Never install applications from 3rd-party stores.
- Ensure that yous convey already opted for Google Play Protect.
- Enable 'verify apps' characteristic from settings.
- Keep "unknown sources" disabled spell non using it.
- Install anti-virus in addition to safety software from a well-known cybersecurity vendor.
- Regularly dorsum upward your phone.
- Always purpose an encryption application for protecting whatever sensitive information on your phone.
- Never opened upward documents that yous are non expecting, fifty-fifty if it looks similar it's from mortal yous know.
- Protect your devices alongside pivot or password lock therefore that nobody tin give the axe arrive at unauthorized access to your device when remains unattended.
- Keep your device ever up-to-date alongside the latest safety patches.
