The Silicon Review ^Asia

Recently, security researchers at Cisco Talos have unearthed two variants of a new notorious Android Trojan that is spreading at a jet speed all over the internet. Disguised as a fake anti-virus for android phones, the application is known as "Naver Defender."

Tagged as KevDroid, the malware is a remote administration tool (RAT) developed to pwn Android devices and steal sensitive data. Also, this ill-famous malware is capable of recording phone calls. According to the Cisco Talos researchers’ detailed report, the two recent variants of KevDroid were detected in the wild after the discovery of the Trojan by a South Korean cybersecurity firm, EST Security several days ago.

Details of the two Variants:

Variant 1

The 1st variant of the malware is a smaller version. The prime purpose of this variant is to rob sensitive information stored on the device.

• Installed apps
• Phone number
• Unique IDs
• Location - collected every 10 seconds
• Stored Contacts and SMS, Call logs, Emails, and Photos
• Recording calls

Variant 2

The second variant of KevDroid is larger than the previous sample. Named as "PU," the icon of this sample is empty. Also, the architecture of the malware is a little bit different than the previous version and it uses SQLite databases to store information.

This variant contains all the features same as the previous version with some additional:

• Camera recording
• Audio recording
• Web history stealing
• File stealing
• Root access on the device

So, in order to keep information safe and secure, Android users are advised to cross-check each and every application regularly to find and remove if any malicious, unknown or unnecessary application is installed on the phone without the user’s knowledge or consent.