KevDroid

Security researchers issued a warning about an Android Trojan named KevDroid that can enter a computer with the computer users' authorization when they download and install an anti-virus software called Naver Defender. The purpose of the KevDroid is to collect information from the infected device. KevDroid is a highly sophisticated and powerful malware that can pursue the device's location every 10 minutes, gain root access to the device, collect call logs, record audio and phone calls, collect files and the Web history and collect the installed applications, emails and text message. The collected data is sent to its Command and Control server, which means to the hands of its controllers and be used to perform countless tasks such as being sold on the Black Market, information leak, logins collection, handle online banking services, and even blackmail.

Another fact uncovered by security researchers is that the group that may have developed and is using KevDroid to attack devices is called 'Group APT37, a North Korean-based group that is state-sponsored and is specialized in espionage. The APT37 group, also known as Red Eyes, Reaper, ScarCruft and Group 123 is responsible for various malware attacks and seems to be updating and creating new, more powerful threats. KevDSroid has two active versions that perform the same tasks described above. However, one of them abuses an Android vulnerability, which allows KevDroid to gain root access to the infected device. Another way that KevDroid can enter a computer is by using two other applications, PeyongChang Winter Games and Bitcoin Ticker that can be downloaded from Google Play. When the users introduce one of these applications on their devices, they will receive a message claiming that the application needs to be updated. By clicking on the update button, it will be the KevDroid payload that will be installed and stored as AppName.apk. Then the device's user will need to confirm the installation.

Nowadays, no device is 100% safe, due to the threats been updated and adapted to the amazing technology that never stops growing and this is what makes security software and careful Web browsing so crucial to avoid been infected by a threat like KevDroid.