Researchers recently discovered a fake antivirus application targeting the Android mobile platform. They named the malware KevDroid and, while analysing it, found a link between this fake Android antivirus and Group 123. The link was not hard to make given the existing reporting and history of Group 123's activity, and the investigation turned up several other interesting elements.
Two variants of the Android Remote Administration Tool (RAT) were identified during the investigation. Both samples have the same capabilities, used to steal information from the compromised device (contacts, SMS messages and call history) and to record the victim's phone calls. One of the variants uses a known Android exploit (CVE-2015-3636, a Linux kernel use-after-free in ping sockets, commonly known as PingPongRoot) to obtain root privileges on the victim's device.
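A fake antivirus that reads contacts, SMS, the call log and records calls has to declare the corresponding permissions in its manifest, which makes a decoded AndroidManifest.xml a cheap first triage point. The following is an added example written for this article, not code from the researchers or from KevDroid itself: it takes a manifest already decoded to plain XML (with a tool such as apktool or androguard, not done here), collects the requested permissions and flags the combination of network access plus several data-theft capabilities. The permission-to-capability mapping and the threshold are assumptions of this example, and the two manifests are constructed samples.

```python
from __future__ import annotations
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Assumed mapping from the capabilities the article attributes to KevDroid
# (contacts, SMS, call history, call recording, exfiltration) to the
# permissions an app must request to implement them.
CAPABILITY_PERMS = {
    "contacts": {"android.permission.READ_CONTACTS"},
    "sms": {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"},
    "call_log": {"android.permission.READ_CALL_LOG"},
    "call_recording": {"android.permission.RECORD_AUDIO"},
    "network_exfil": {"android.permission.INTERNET"},
}
DATA_THEFT_CAPS = {"contacts", "sms", "call_log", "call_recording"}

# Constructed sample: a "security app" asking for everything a RAT needs.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.fakeav">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
</manifest>
"""

# Constructed sample: an app that only needs network access.
BENIGN_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.weather">
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>
"""


def declared_permissions(manifest_xml: str) -> set[str]:
    """Return the set of android:name values on <uses-permission> elements."""
    root = ET.fromstring(manifest_xml)
    name_attr = f"{{{ANDROID_NS}}}name"
    return {
        el.get(name_attr)
        for el in root.iter("uses-permission")
        if el.get(name_attr)
    }


def triage(manifest_xml: str) -> dict:
    """Map requested permissions to RAT-style capabilities and score them.

    The verdict is a heuristic for prioritising manual analysis, not proof
    of malice: a real dialer or backup app can legitimately hold several
    of these permissions.
    """
    perms = declared_permissions(manifest_xml)
    hits = {
        cap: sorted(perms & wanted)
        for cap, wanted in CAPABILITY_PERMS.items()
        if perms & wanted
    }
    theft_caps = set(hits) & DATA_THEFT_CAPS
    # Assumed threshold: a way to exfiltrate plus at least three data sources.
    suspicious = "network_exfil" in hits and len(theft_caps) >= 3
    return {
        "permissions": sorted(perms),
        "capabilities": hits,
        "suspicious": suspicious,
    }


if __name__ == "__main__":
    for label, manifest in (("fake AV", SAMPLE_MANIFEST), ("benign", BENIGN_MANIFEST)):
        result = triage(manifest)
        print(f"{label}: suspicious={result['suspicious']} "
              f"capabilities={sorted(result['capabilities'])}")
```

The point of the check is the combination, not any single permission: a genuine antivirus may plausibly request INTERNET and even READ_SMS for message scanning, but one that also wants the call log and the microphone deserves a closer look at what it does with them and where it sends the result.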
Nothing is safe in the digital world, and cybersecurity is a must nowadays. Depending on which operating system your device runs, install an antivirus for Windows or an antivirus for Mac.
Companies should also remember that legitimate, professional cybersecurity firms offer packages that test a network's integrity through penetration tests and other ethical hacking exercises.
Both variants sent the stolen data with an HTTP POST to a single command-and-control (C&C) server. The call-recording feature was implemented on top of an open-source project available on GitHub.
Things got more interesting when the researchers found a second RAT, this one targeting Windows, hosted on the C&C server used by KevDroid. That malware uses the PubNub platform as its C&C channel. PubNub is a commercial global data stream network (DSN), and the attackers use its publish/subscribe API to push commands to the compromised systems. Because the traffic goes to a legitimate cloud service over its normal endpoints, domain and IP reputation alone will not catch it; defenders need to know which of their processes are expected to talk to PubNub at all.