steven36 Posted April 3, 2018

Security researchers at Cisco Talos have uncovered variants of a new Android Trojan that are being distributed in the wild disguised as a fake anti-virus application, dubbed "Naver Defender."

Dubbed KevDroid, the malware is a remote administration tool (RAT) designed to steal sensitive information from compromised Android devices, as well as capable of recording phone calls.

Talos researchers published Monday technical details about two recent variants of KevDroid detected in the wild, following the initial discovery of the Trojan by South Korean cybersecurity firm ESTsecurity two weeks ago.

Though researchers haven't attributed the malware to any hacking or state-sponsored group, South Korean media have linked KevDroid with North Korea state-sponsored cyber espionage hacking group "Group 123," primarily known for targeting South Korean targets.

The most recent variant of KevDroid malware, detected in March this year, has the following capabilities:

- record phone calls & audio
- steal web history and files
- gain root access
- steal call logs, SMS, emails
- collect device's location every 10 seconds
- collect a list of installed applications

Malware uses an open source library, available on GitHub, to gain the ability to record incoming and outgoing calls from the compromised Android device.

Although both malware samples have the same capabilities of stealing information on the compromised device and recording the victim's phone calls, one of the variants even exploits a known Android flaw (CVE-2015-3636) to get root access on the compromised device.

All stolen data is then sent to an attacker-controlled command and control (C2) server, hosted on PubNub global Data Stream Network, using an HTTP POST request.

"If an adversary were successful in obtaining some of the information KevDroid is capable of collecting, it could result in a multitude of issues for the victim," resulting in "the leakage of data, which could lead to a number of things, such as the kidnapping of a loved one, blackmail by using images or information deemed secret, credential harvesting, multi-factor token access (SMS MFA), banking/financial implications and access to privileged information, perhaps via emails/texts," Talos says.

"Many users access their corporate email via mobile devices. This could result in cyber espionage being a potential outcome for KevDroid."

Researchers also discovered another RAT, designed to target Windows users, that shares the same C&C server and also uses the PubNub API to send commands to the compromised devices.

How to Keep Your Smartphone Secure

Android users are advised to regularly cross-check apps installed on their devices to find and remove any malicious, unknown or unnecessary app that is in the list without your knowledge or consent.

Such Android malware can be used to target your devices as well, so if you own an Android device, you are strongly recommended to follow these simple steps to help avoid this happening to you:

- Never install applications from 3rd-party stores.
- Ensure that you have already opted for Google Play Protect.
- Enable 'verify apps' feature from settings.
- Keep "unknown sources" disabled while not using it.
- Install anti-virus and security software from a well-known cybersecurity vendor.
- Regularly back up your phone.
- Always use an encryption application for protecting any sensitive information on your phone.
- Never open documents that you are not expecting, even if it looks like it's from someone you know.
- Protect your devices with a PIN or password lock so that nobody can gain unauthorized access to your device when it remains unattended.
- Keep your device always up-to-date with the latest security patches.
Source
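The advice above to cross-check installed apps and avoid third-party stores can be checked from a computer with adb by listing each user-installed package with the app that installed it. This is an added example, not part of the original post or the Talos report; the package names in the sample are constructed, and treating only Google Play (`com.android.vending`) as a trusted installer is an assumption to adjust.

```shell
#!/bin/sh
# Installer package names considered trusted, space separated.
# Assumption: only Google Play; add your MDM or OEM store if needed.
TRUSTED_INSTALLERS="com.android.vending"

# Constructed sample of `pm list packages -i -3` output (not from a real device).
sample_listing() {
cat <<'EOF'
package:com.example.mail  installer=com.android.vending
package:com.example.defender  installer=null
package:org.example.notes  installer=com.example.thirdpartystore
package:com.example.maps  installer=com.android.vending
EOF
}

# Reads `pm list packages -i` lines on stdin and prints "package<TAB>installer"
# for every app whose installer is not in TRUSTED_INSTALLERS.
# installer=null usually means the APK was sideloaded.
flag_untrusted() {
  awk -v trusted="$TRUSTED_INSTALLERS" '
    BEGIN { n = split(trusted, t, " "); for (i = 1; i <= n; i++) ok[t[i]] = 1 }
    { sub(/\r$/, "") }                 # adb output may carry CRLF line ends
    /^package:/ {
      pkg = $1; sub(/^package:/, "", pkg)
      inst = "unknown"                 # line had no installer= field
      for (i = 2; i <= NF; i++)
        if ($i ~ /^installer=/) { inst = $i; sub(/^installer=/, "", inst) }
      if (!(inst in ok)) printf "%s\t%s\n", pkg, inst
    }'
}

# Demo on the constructed sample; prints the two packages to review.
sample_listing | flag_untrusted
```

On a device with USB debugging enabled, the same function takes live input: `adb shell pm list packages -i -3 | flag_untrusted`. A flagged package is a prompt to review the app, not proof that it is malicious.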
Recruit Posted April 3, 2018

I know a malware much more powerful than this one: it is called Facebook!
steven36 Posted April 3, 2018

1 hour ago, Recruit said: I know a malware much more powerful than this one: it is called Facebook!

I don't have no chance in catching either one.

A. I do not use Android. What good is a smart phone in an area that you can't get a good signal to wireless? It's just a waste of money buying another Internet. I just have a burner to make calls on when I'm away from home, which can't be tracked.

B. Facebook is self-inflicted. If you're silly enough to tell the world your personal info, that's your choice. It's not considered malware, but it's spyware. The difference in spyware and malware is malware and viruses is spread by hackers to profit from or sometimes just for fun, and you can catch it without self-inflicting yourself. Spyware comes from using closed source apps and services for free that you inflict on yourself. It's nothing new, it's older than malware even. Do you use Windows or Google Android? They sell your data too.

People are so funny today! It's like back before Facebook was an issue: Windows privacy was a hot topic, and they went over on Facebook, Google services, Twitter and talked about it, and these guys were selling their data as they spoke. Now people are on Windows and Google services and Twitter talking about Facebook. Point is, you're going to have to give up way more than just Facebook to ever achieve privacy. I don't even think it's really possible, but the less info you put on the Internet about who you are, such as your real name, the better off you are.
This topic is now archived and is closed to further replies.