Leave a comment

New malware secretly records your phone calls and steals data

New malware secretly records your phone calls and steals data
© Leszekkobusinski | Dreamstime.com

One of the sneakiest aspects of malware is the lengths at which hackers will try to hide its true intentions. Sometimes that means burying the malicious files inside an app that makes it all tough to detect.

Other times it's not as complicated, as it is distributed as part of something that actually claims to help protect against itself. While not all that intricate, the concept is fairly clever as it takes advantage of our desire to protect our devices.

That is the case with one of newest discoveries, which you certainly want to avoid. Unless, of course, you do not value your privacy.

Your data is not yours anymore

Thanks to security researchers at Cisco Talos we now know of an Android Trojan that is being called "KevDroid." Disguised as an antivirus app "Naver Defender," its goal is to steal as much sensitive information as it can.

What kind of information, exactly? Well, it records phone calls and audio, steals call logs, text messages and emails, takes web history and files, gains root access to your phone, records a list of installed apps and tracks the device's location every 10 seconds.

There are two different versions of KevDroid that have been discovered recently, with subtle differences between them. Both do the same things once downloaded, but one of them takes advantage of an Android flaw that grants it root access on the compromised device.

Regardless of how it ultimately steals your data, whatever it gets is then sent to a C2 server that is controlled by the attacker. Personal information like that can be used for a variety of things, with blackmail and kidnapping among the possibilities.

Knowing that, the question is naturally who is behind the malware. According to the Talos researchers, it is not clear who is responsible for KevDroid, but South Korean media have attributed it to a North Korea state-sponsored cyber espionage group known as "Group 123."

What to do if you downloaded the bad app

We are not sure how many devices have been infected by KevDroid, but if yours is one of them, you will want to get rid of it as soon as possible. To uninstall the app, follow these steps:

  1. Open your device's "Settings."
  2. Tap apps & notifications.
  3. Tap the app you want to uninstall. If you don't see it, first tap "see all apps" or "app info."
  4. Tap Uninstall.

If you have not downloaded KevDroid, here is how to keep your phone safe

Unfortunately, there is nothing you can do other than never downloading anything that will keep your phone 100 percent malware-free. There are things you can do to minimize the chances of yours being infected.

One thing to avoid is installing apps from 3rd-party stores, as they are generally less secure than the Google Play Store. You will also want to enable "verify apps" in your settings and use Google Play Protect, which helps to detect dangerous apps.

You will also want to install an anti-virus app that comes from a reputable company, and in the meantime, back up your phone often.

Have a question about malware? Kim has your answer! Click here to send Kim a question, she may use it and answer it on her radio show. Just click here. The Kim Komando Show is broadcast on over 450 stations. Click here to find the show time in your area.

Speaking of compromised data, if you ate here yours may have been

Is it possible for any private information or data to stay that way online these days? Really, when was the last time we got through a couple of days without learning of some kind of hack or breach or betrayal of trust? The latest issue comes courtesy of a popular restaurant. Which one? Read here to find out.

Next Story
Google bans cryptomining extensions
Previous Happening Now

Google bans cryptomining extensions

Everyone wants to hijack your computer to mine cryptocurrency
Next Happening Now

Everyone wants to hijack your computer to mine cryptocurrency

View Comments ()