A new piece of Android malware has been discovered. Dubbed KevDroid, the malware is being distributed in the form of a fake anti-virus application called Naver Defender. KevDroid is in fact a remote administration tool that steals sensitive data from infected devices. However, the malware is also capable of recording phone calls.
KevDroid Android Malware Technical Details
KevDroid was first discovered by ESET researchers, and later it was analyzed by Cisco Talos.
Talos identified two variants of the Android Remote Administration Tool (RAT). Both samples have the same capabilities: stealing information from the compromised device (such as contacts, SMS and phone history) and recording the victim's phone calls.
One variant of the malware has been observed leveraging a known Android exploit, CVE-2015-3636, in order to gain root access on the compromised Android device, the researchers said in their detailed analysis. In addition, the data collected by both variants was sent via HTTP POST to a unique command and control server. As for the ability to record calls, it has been implemented based on an open-source project available on GitHub.
Researchers are not yet sure who is behind the malware campaign. However, according to South Korean media coverage, the KevDroid malware may be linked to the North Korean state-sponsored group known as Group 123, which is behind cyber espionage campaigns.
KevDroid's current list of malicious capabilities includes recording phone calls and audio data, stealing web history and files, obtaining root access, stealing call logs, SMS and e-mails, collecting the device's location every 10 seconds, and harvesting the list of all installed applications.
What Are the Consequences of a KevDroid Infection?
If attackers were successful in obtaining some of the data the malware is capable of harvesting, it could result in a number of issues for the infected user, the researchers said.
Since mobile phones are used in nearly all activities, they contain large amounts of sensitive and personally identifiable data, such as photographs, passwords and banking information. An infection with KevDroid could result in the leakage of this data, which could in turn lead to a number of outcomes.
Depending on the victim's status (such as being a corporate user), the result of this infection could even lead to the kidnapping of a loved one, blackmail using images or secret information, credential harvesting, multi-factor token access (SMS MFA), banking/financial implications and access to privileged information via emails/texts, the researchers warned. Many users access their corporate email via mobile devices.