Android Malware Secretly Records Phone Calls and Steals Private Data 2018


The most recent variant of KevDroid malware, detected in March this year, has the following capabilities:

  • record phone calls & audio
  • steal web history and files
  • gain root access
  • steal call logs, SMS, emails
  • collect the device's location every 10 seconds
  • collect a list of installed applications
The malware uses an open-source library, available on GitHub, to record incoming and outgoing calls on the compromised Android device.
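An app with the capabilities listed above has to declare the matching Android permissions unless it already has root, so the quickest triage step is to inspect the manifest for that combination. The following script is an added example, not KevDroid's code or Talos's tooling: the capability-to-permission mapping is an assumption drawn from the standard Android permission model, and the manifest is constructed for the example.

```python
"""Flag spyware-like permission combinations in an Android manifest.

Added illustration for the KevDroid capability list; not the malware's
code nor Talos's tooling. The capability-to-permission mapping is an
assumption based on the public Android permission model (a root-capable
sample can bypass it), and the manifest below is constructed.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Capabilities reported for KevDroid, mapped to the permissions an
# unprivileged app would need to declare to perform them (assumption).
CAPABILITY_PERMISSIONS = {
    "record calls/audio": {"android.permission.RECORD_AUDIO"},
    "read call logs": {"android.permission.READ_CALL_LOG"},
    "read SMS": {"android.permission.READ_SMS",
                 "android.permission.RECEIVE_SMS"},
    "track location": {"android.permission.ACCESS_FINE_LOCATION",
                       "android.permission.ACCESS_COARSE_LOCATION"},
    "read contacts": {"android.permission.READ_CONTACTS"},
    "read files": {"android.permission.READ_EXTERNAL_STORAGE"},
    "exfiltrate over network": {"android.permission.INTERNET"},
}

# Constructed manifest of a "notes" app that asks for far more than it needs.
CONSTRUCTED_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed.notes">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.RECORD_AUDIO"/>
    <uses-permission android:name="android.permission.READ_CALL_LOG"/>
    <uses-permission android:name="android.permission.READ_SMS"/>
    <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
    <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
    <application android:label="Notes"/>
</manifest>
"""


def declared_permissions(manifest_xml: str) -> set:
    """Return the set of android:name values on <uses-permission> elements."""
    root = ET.fromstring(manifest_xml)
    return {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}


def spyware_capabilities(manifest_xml: str) -> list:
    """List the capabilities from the table that the manifest enables."""
    perms = declared_permissions(manifest_xml)
    return [cap for cap, needed in CAPABILITY_PERMISSIONS.items() if perms & needed]


def risk_verdict(manifest_xml: str, threshold: int = 3) -> tuple:
    """Flag a manifest that combines several surveillance capabilities
    with a network channel to send the collected data out.

    Returns (flagged, surveillance_capabilities)."""
    caps = spyware_capabilities(manifest_xml)
    surveillance = [c for c in caps if c != "exfiltrate over network"]
    flagged = "exfiltrate over network" in caps and len(surveillance) >= threshold
    return flagged, surveillance


if __name__ == "__main__":
    flagged, caps = risk_verdict(CONSTRUCTED_MANIFEST)
    print("flagged:", flagged)
    for cap in caps:
        print(" -", cap)
```

On a real APK the manifest is binary XML; decode it first (for example with apktool or aapt) and feed the resulting text to `risk_verdict`. The threshold is deliberately crude: a messaging app legitimately needs several of these permissions, so treat the verdict as a triage signal, not proof of malice.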

“If an adversary were successful in obtaining some of the information KevDroid is capable of collecting, it could result in a multitude of issues for the victim,” resulting in “the leakage of data, which could lead to a number of things, such as the kidnapping of a loved one, blackmail by using images or information deemed secret, credential harvesting, multi-factor token access (SMS MFA), banking/financial implications and access to privileged information, perhaps via emails/texts,” Talos says.

“Many users access their corporate email via mobile devices. This could result in cyber espionage being a potential outcome for KevDroid.”

How to Keep Your Smartphone Secure

Such Android malware can be used to target your devices as well, so if you own an Android device, you are strongly recommended to follow these simple steps to help avoid this happening to you:

  • Never install applications from 3rd-party stores.
  • Ensure that you have already opted for Google Play Protect.
  • Enable the 'Verify apps' feature in Settings.
  • Keep 'Unknown sources' disabled whenever you are not actively using it.
  • Install anti-virus and security software from a well-known cybersecurity vendor.
  • Regularly back up your phone.
  • Always use an encryption application for protecting any sensitive information on your phone.
  • Never open documents that you are not expecting, even if it looks like it’s from someone you know.
  • Protect your device with a PIN or password lock so that nobody can gain unauthorized access to it while it is left unattended.
  • Keep your device always up-to-date with the latest security patches.
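Several of the items in this checklist can be verified over `adb` rather than taken on trust. The script below is an added example, not from the article: it evaluates the output of a handful of stock `adb shell` commands (named in the comments) against the checklist. The device output is constructed so the audit runs offline; on a real device you would substitute the live command output. The 90-day patch-age limit and the "Google Play is the only trusted installer" rule are assumptions.

```python
"""Audit an Android device against the hardening checklist.

Added illustration; not part of the article. The constructed dictionary
stands in for the output of the adb commands named in the comments.
"""
from datetime import date

PLAY_STORE_INSTALLER = "com.android.vending"   # assumption: only trusted installer
MAX_PATCH_AGE_DAYS = 90                        # assumption: tolerable patch lag

# Constructed stand-in for `adb shell` output from a poorly configured device.
CONSTRUCTED_DEVICE = {
    # adb shell settings get global install_non_market_apps  (Android 4.2-7.x)
    "install_non_market_apps": "1",
    # adb shell settings get global package_verifier_enable  ('Verify apps')
    "package_verifier_enable": "0",
    # adb shell locksettings get-disabled  (Android 8.0+, "true" = no lock)
    "lock_disabled": "true",
    # adb shell getprop ro.build.version.security_patch
    "security_patch": "2017-11-05",
    # adb shell pm list packages -i -3  (third-party packages with installer)
    "packages": [
        "package:com.example.constructed.notes  installer=null",
        "package:com.android.chrome  installer=com.android.vending",
    ],
}


def sideloaded_packages(pm_lines):
    """Return package names whose installer is not the Play Store."""
    found = []
    for line in pm_lines:
        parts = line.split()
        if not parts or not parts[0].startswith("package:"):
            continue
        name = parts[0][len("package:"):]
        installer = next((p[len("installer="):] for p in parts[1:]
                          if p.startswith("installer=")), "null")
        if installer != PLAY_STORE_INSTALLER:
            found.append(name)
    return found


def patch_age_days(security_patch, today):
    """Days elapsed since the ro.build.version.security_patch date."""
    return (today - date.fromisoformat(security_patch)).days


def audit(device, today):
    """Return a list of human-readable findings; empty means all checks pass."""
    findings = []
    if device.get("install_non_market_apps") == "1":
        findings.append("Unknown sources is enabled")
    if device.get("package_verifier_enable") == "0":
        findings.append("Verify apps is disabled")
    if device.get("lock_disabled", "false").strip() == "true":
        findings.append("No screen lock (PIN/password) is set")
    age = patch_age_days(device["security_patch"], today)
    if age > MAX_PATCH_AGE_DAYS:
        findings.append(f"Security patch level is {age} days old")
    for pkg in sideloaded_packages(device.get("packages", [])):
        findings.append(f"Sideloaded package: {pkg}")
    return findings


if __name__ == "__main__":
    for finding in audit(CONSTRUCTED_DEVICE, date.today()):
        print("[!]", finding)
```

Google Play Protect itself has no single stable `settings` key across Android versions, so check it in the Play Store app rather than scripting it. On Android 8.0 and later the global "unknown sources" toggle no longer exists; the equivalent check is which apps hold the per-app install permission, which `adb shell appops` or the Settings UI will show.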

Gaming Apps with Millions of Downloads Found Infected with Malware in Play Store

An Android malware strain named "AdultSwine" has infected child-friendly gaming applications in the Play Store. The malware displays pornographic content while the infected app is running, tries to trick users into installing fake security apps, and signs victims up for premium services they never requested. It reportedly also has the ability to steal user credentials. Google has pulled over 60 apps after identifying the malware.

A comprehensive list of affected apps and the related research can be found on Check Point's research blog. Google will continue to send notifications to phones that have the affected apps installed.

The malware was discovered by researchers at Check Point; the affected apps have since been pulled by Google and the developers' accounts banned.
According to Play Store data, the affected apps had been downloaded between 3 and 7 million times.

FacexWorm Malware Resurfaces on Facebook Messenger

At the end of April 2018, researchers at security firm Trend Micro identified a cryptocurrency-hijacking Google Chrome extension, similar to Digmine, that can hijack Bitcoin transactions before it is detected. The extension carries the previously known FacexWorm malware.
Since FacexWorm was first detected, security researchers have been tracking its activity, and in April 2018 they observed a substantial increase. Its main targets remain Facebook users worldwide.
The malware was first spotted in August 2017 on Facebook Messenger, where it sent fake messages in an attempt to steal passwords and other sensitive information from users of the platform.
FacexWorm spreads through compromised Facebook accounts: hijacked accounts send socially engineered spam links via Facebook Messenger that redirect recipients to a professionally designed, YouTube-themed rogue website offering a Chrome extension laced with FacexWorm JavaScript code. The victim is prompted to install the extension as a "codec", after which it runs on their system. A Facebook share link then lets the malware reach the victim's friends and potentially infect their systems as well.
If FacexWorm determines that the browser is not Chrome, it instead redirects the user to a harmless advertisement.
Once installed, the malware can steal passwords and cryptocurrency, perform cryptojacking by injecting mining code into websites the user visits, and hijack transactions and web wallets.
Notably, the blog post states, FacexWorm specifically targets cryptocurrency trading portals by looking for keywords such as "blockchain" and "ethereum" in the URL. Once it finds one, it prompts the user to "verify" their wallet address by sending a small amount of Ether. While there appears to be no way to recover the money, researchers say only one Bitcoin transaction has been compromised so far.