It was recently discovered that new Android Trojan variants, dubbed “Naver Defender,” were being distributed as a fake anti-virus application. Uncovered by security researchers at Cisco Talos, the malware, named KevDroid, is a “remote administration tool (RAT) designed to steal sensitive information from compromised Android devices, as well as capable of recording phone calls.”
It was initially discovered by a South Korean cyber security firm two weeks ago. It was reported by the South Korean media to be linked to a North Korea state-sponsored hacking group.
The malware was found to be using an open-source library from GitHub as well as exploiting the Android flaw CVE-2015-3636 to gain root access on a compromised device.
https://nvd.nist.gov/vuln/detail/CVE-2015-3636
https://thehackernews.com/2018/04/android-spying-trojan.html
Shi Yu Dong says
Great Post! Very Interesting.
Donald Hoxhaj says
This is absolutely incredible. I wonder how many users have already used the fake antivirus application and how many systems have already been attacked with this. North Korea’s involvement is even more shocking considering that it is already cornered by most countries for its economic decisions.