KevDroid Android RAT can steal private data and record phone calls
Investigating what at first seemed like increased activity on the part of the previously reported IRRAT and TeleRAT, we identified an entirely new malware family that has been spreading since at least August. In March, its source code was made available for free on Telegram hacking channels, and as a result, hundreds of parallel variants of the malware have been circulating in the wild. One of these variants is different from the rest — despite the freely available source code, it is offered for sale on a dedicated Telegram channel, marketed under the name HeroRat.
In Germany the distribution method is via SMS text messages, as you can read in this recent McAfee Labs post, while in Poland there is an ongoing email spam campaign distributing a new variant of an Android remote access tool (RAT). It arrives as an attachment with the following phishing message: The email tries to scare a user with the following subject: Wykryto szkodliwe oprogramowanie w Twoim telefonie!
Detected malware on your phone! The RAT and its source code are for sale, making it accessible to everyone to create a custom version of this threat. Steal sensitive personal information such as contact list, SMS messages (inbox, outbox, and sent), call logs (incoming, outgoing, and missed calls), browser history (title, link, date), bookmarks and GPS location (latitude and longitude).
Update itself or install additional malware by downloading and prompting the user to install the file update. Intercept, block, and steal incoming SMS messages. Send MMS messages with parameters (phone number and text) provided by the control server.
Insert and delete SMS messages and contacts. Record surrounding sound and store it in an adaptive multi-rate file on the SD card to later send to a remote server. Open the dialer with a number provided by the attacker or execute USSD codes.
Display Toast pop-up messages on the infected device. WhatsApp users should update the app to the latest version. This attack gains credence with the appearance of a bank offering security solutions against banking malware, a typical behavior of legitimate banks.
McAfee Mobile Security detects this Android threat and alerts mobile users if it is present, while protecting them from any data loss.
For more information about McAfee Mobile Security, visit http:
About the author: Carlos Castillo is a mobile malware researcher at McAfee, where he specializes in the analysis of mobile threats and Android malware.
Prior to his position at McAfee, Castillo performed security compliance audits for the Superintendencia Financiera of Colombia, and worked at security startup Easy Solutions Inc.
The Beginning of Mobile Botnets.
KevDroid is a remote administration tool (RAT) designed to steal sensitive information from compromised Android devices and spy on its. George Kurtz, co-author of Hacking Exposed and co-founder of new security start-up CrowdStrike, called your smartphone the “ultimate spy tool.” The name Androrat is a mix of Android and RAT (Remote Access Tool). The goal of the application is to give control of the Android system.