New Android Malware Secretly Records Phone Calls and Steals Private Data

Android trojans and malware usually have a similar approach when it comes to infecting their targets: malicious App installation. Once it takes place, the damage sometimes can be remediless, because of strategic information said on a voice call or sensitive document is just gone and there is nothing else to do.
While Security specialists keep sending the same message on how to keep your mobile secure, like to not install apps from 3rd-party stores, protect the devices with pin or password, etc., it’s hard for the majority having it done.
A Smartphone designed to be secure from its conception is the best approach to mitigate all those risks and protect your assets and strategic information. SIKURPhone, together with SikurOS is the choice for your Secure Business Platform.

Text by Alexandre Vasconcelos.

Security researchers at Cisco Talos have uncovered variants of a new Android Trojan that are being distributed in the wild disguising as a fake anti-virus application, dubbed “Naver Defender.”

Dubbed KevDroid, the malware is a remote administration tool (RAT) designed to steal sensitive information from compromised Android devices, as well as capable of recording phone calls.

Talos researchers published Monday technical details about two recent variants of KevDroid detected in the wild, following the initial discovery of the Trojan by South Korean cybersecurity firm ESTsecurity two weeks ago.

Though researchers haven’t attributed the malware to any hacking or state-sponsored group, South Korean media have linked KevDroid with North Korea state-sponsored cyber espionage hacking group “Group 123,” primarily known for targeting South Korean targets.

The most recent variant of KevDroid malware, detected in March this year, has the following capabilities:

  • record phone calls & audio
  • steal web history and files
  • gain root access
  • steal call logs, SMS, emails
  • collect device’ location at every 10 seconds
  • collect a list of installed applications


Mais do que uma solução tecnológica, somos uma decisão estratégica para as organizações.

Nossa missão é redefinir a relação das empresas com a cibersegurança e a experiência dos usuários no processo de autenticação e acesso a ativos tecnológicos.