1(630)802-8605 Ravi.das@bn-inc.net

Ah, it never ends, does it?  More Cyber threats and attacks come at us many times a day, and the news headlines are filled with them.  But an interesting trend is that the Cyber attacker is now steering away from attacking the actual IT infrastructure, namely the servers and the workstations (though the database, of course, still remains a gold mine).

Now, it is all about attacking the Smartphone.  After all, it makes sense, doesn’t it?  As I wrote in a previous blog, the Smartphone has literally become an extension of both our personal and professional lives.  We cannot live without it.  If we lose it or it gets stolen, we are completely paralyzed.  But there is also another reason for targeting the Smartphone:  the mobile apps are easy targets as well.

For example, as also written in a past blog, the mobile apps that are developed and go up on Google Play are nowhere near as scrutinized as those that get uploaded to the Apple Store.  Thus, the Cyber attacker could upload rogue, malicious apps that an end user could easily and unwittingly download onto their Smartphone.

With all of this in mind, I have some more news to bring to you on this particular front:  There is a new Trojan Horse out there that has been designed specifically for the Android OS and how it interacts with the mobile apps.  It disguises itself as a fake antivirus application, and its name is “Naver Defender”.  Not really exactly sure what that means, but hey, it seems to be creative enough in my opinion.  Ah, but it even has yet another name, which was dubbed by Cybersecurity professionals:  “KevDroid”.

“Naver Defender” is essentially what is known as a “Remote Administration Tool”, or “RAT” for short.  As the name implies, with this kind of malware the Cyber attacker can quite easily steal your personal and confidential information from your Android device, and even record your phone calls (better watch what you say!!!).

If you are inclined enough, all of the technical details of this malware can be seen at this link:

http://blog.talosintelligence.com/2018/04/fake-av-investigation-unearths-kevdroid.html

Although the original creators of this particular malware have yet to be tracked down, it is widely believed that this malware is somehow associated with the North Korean Cyber attacking group called “Group 123”.  In the past, this group has specifically targeted high value and high profile targets based in South Korea.

So far, the malware has been found to have the following capabilities (there could be many more that have not yet been discovered):

  • record phone calls & audio
  • steal web history and files
  • gain root access
  • steal call logs, SMS, emails
  • collect the device’s location every 10 seconds
  • collect a list of installed applications

(SOURCE:  https://thehackernews.com/2018/04/android-spying-trojan.html)

Now, you may be asking at this point, “What can I do to protect myself?”  There are many things one can do, but they can never guarantee 100% safety.  We will actually be covering this topic in a future blog for a new client of mine, but here are some fast and easy steps that you can take:

  • Make sure that your Smartphone has the “Remote Wipe” capability.  If it is ever lost or stolen, you can issue this command so that all information and data is erased from your Smartphone before it falls into the wrong hands.

  • Make sure that your Smartphone has Two-Factor Authentication (2FA) installed onto it.  This means that you will have a second layer of protection, along with your password.  The best ones to use are those that are Biometric based, such as the Touch ID and Face ID currently being offered by Apple on their iPhone models.

  • First and foremost, be absolutely careful of the mobile apps that you download.  If they look suspicious or just don’t feel right, then don’t download them.  Report them to the Apple Store and Google Play, where they can take further action.