It was recently discovered that new Android Trojan variants, dubbed as “Naver Defender,” were being distributed as a fake anti-virus application. Uncovered by security researchers at Cisco Talos, them malware named as KevDroid is a ” remote administration tool (RAT) designed to steal sensitive information from compromised Android devices, as well as capable of recording phone calls.”
It was initially discovered by a South Korean cyber security firm two weeks ago. It was reported by the South Korean media to be linked to a North Korea state-sponsored hacking group.
The malware was found to be using an open source library from GitHub as well as exploiting Android flaw CVE-2015-3636 to gain root access of a compromised device.
https://nvd.nist.gov/vuln/detail/CVE-2015-3636
https://thehackernews.com/2018/04/android-spying-trojan.html