KevDroid
NJCCIC Threat Profile
Original Release Date: 2018-04-03
KevDroid is an Android remote access trojan (RAT) disguised as a fake antivirus app capable of exfiltration of data from an infected device. Once a device is infected, the malware attempts to gain root access to the device using a known android vulnerability CVE-2015-3636. KevDroid collects the location of the device every 10 seconds, collects a list of applications, and starts stealing information such call logs, SMS, emails, etc., using an HTTP POST request to send all the information back to the C2 server controlled by the attacker.
Technical Details
- Cisco Talos researchers provides technical details, here.
Featured Content
- Disaster Relief and Tragedy-Related Scams>
- Flaw in Cosmo DB Could Allow Access to Databases>
- Threat Actors Use Messaging Service as Phishing Lure>
- Back-to-School Cybersecurity>
- Patch Now: Active Exploitation of Microsoft Exchange ProxyShell Vulnerabilities >
- T-Mobile Breach>
- Test Your Cybersecurity Knowledge - Take Our Cyber Quiz Today>
The NJCCIC is a component organization within the New Jersey Office of Homeland Security and Preparedness. We are the State's one-stop-shop for cyber threat analysis, incident reporting, and information sharing and are committed to making New Jersey more resilient to cyber threats by spreading awareness and promoting the adoption of best practices.
View our Privacy Policy here.
View our Site Index here.