Investigators of Cisco Talos discovered two variants of the new malware for Android, the Trojan KevDroid, specifically, stowing away in a phony antivirus application Naver Defender.
Specialists say that the primary errand of malware is to take information from contaminated gadgets, including a rundown of contacts, messages and text, photographs, call history and rundown of installed applications. What's more, analysts caution that KevDroid can record telephone calls of its casualties.
Investigators compose that they figured out how to discover diverse examples of the Trojan. Along these lines, one variant of KevDroid exploits the vulnerability CVE-2015-3636 to get root benefits, and to record telephone calls the two examples utilize the open source library, taken from GitHub . Having gotten root-rights, KevDroid grows its abilities and is as of now equipped for taking data from different applications.
At first, the danger was seen two weeks prior, by Korean pros from ESTsecurity. Korean media interface KevDroid with North Korean government hackers, for instance, with Group 123, however Cisco Talos specialists found no proof of this hypothesis, in spite of the fact that they concede that the Trojan can be related with some sort of digital covert agent battle.
In this way, as indicated by Cisco specialists, with the assistance of stolen data, gatecrashers can shakedown their casualties, utilize captured codes and tokens for bank extortion, and can likewise aggregate information for consequent entrance into corporate systems.
During the time spent examining KevDroid, experts likewise found the Windows-trojan PubNubRAT, which utilizes a similar administration servers and the PubNub API for sending charges. In any case, even this was insufficient to contend that specialists unearthed the activity of government programmers.