Monday, April 28, 2025
HomeMalwareNew Android Remote Access Trojan(RAT) Steals Photos, Contacts, SMS & Recording Phone...

New Android Remote Access Trojan(RAT) Steals Photos, Contacts, SMS & Recording Phone Calls

Published on

SIEM as a Service

Follow Us on Google News

Newly Discovered two new Android RAT Compromising Victims Mobile and steals various sensitive information such as  Photos, Contacts, SMS and it can also record the user’s phone call conversations.

Both variants have the same functionality in terms of stealing the sensitive data from victims and the researchers named this as KevDroid.

One Variant of this Android RAT using the Android exploit (CVE-2015-3636) to gain the root access from the compromised victims mobile.

- Advertisement - Google News

Researchers believe that  EST Security discovered an Android malware that there could be a link between this Android malware and Group 123.

KevDroid using open source tool that available on GitHub to record the phone calls from the compromised users mobile.

Also Read: Advanced Android Malware Steal Users Facebook, Twitter, Telegram,Skype Messenger Data

First Variant of KevDroid Android RAT

The first Android RAT variant has similar functionality that was explained by the EST Security researchers and it was named as  KevDroid due to the Android author tag reading as “Kevin”.

Main Purpose of this variant has distributed to record the phone calls and steal the phone call history.

This  Android RAT variant contains a library to record phone calls made on Android devices and the malware author used his original name for this malware.

According to Cisco, The purpose of the application is to steal information stored on the device. Here is the list of stolen information:

  • Installed applications
  • Phone number
  • Phone Unique ID
  • Location (the application tries to switch on the GPS), this information is collected every 10 seconds, which is aggressive for this kind of spying tool
  • Stored contacts information (name, phone numbers, emails, photos, etc.)
  • Stored SMS
  • Call logs
  • Stored emails
  • Photos
  • Recording calls

Complete successful infection of this Kevdroid will perform to steal sensitive data, such as photographs, passwords, banking information or social engineering.

Second Variant of KevDroid 

The second Android RAT is quite larger than the first variant and it contains a lot of changes such as this variant using  SQLite databases to store data.

This variant contains the additional future than the previous version.

  • Camera recording
  • Audio recording
  • Web history stealing
  • File stealing
  • Root access on the device

“Researchers said this Android RAT attempts to exploit the device using CVE-2015-3636 with the code available on GitHub. The purpose is to obtain the root permission on the compromised device. By obtaining root permissions on the device.”

Stole sensitive data such as phone call history, images, and personal videos by this Android RAT will be used to blackmail the victims and demand the money else it leads to the kidnapping of a loved one and abuse the financial transaction to steal money.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Advanced Multi-Stage Carding Attack Hits Magento Site Using Fake GIFs and Reverse Proxy Malware

A multi-stage carding attack has been uncovered targeting a Magento eCommerce website running an...

Hannibal Stealer: Cracked Variant of Sharp and TX Malware Targets Browsers, Wallets, and FTP Clients

A new cyber threat, dubbed Hannibal Stealer, has surfaced as a rebranded and cracked...

Rack Ruby Framework Vulnerabilities Let Attackers Inject and Manipulate Log Content

Researchers Thai Do and Minh Pham have exposed multiple critical vulnerabilities in the Rack...

SAP NetWeaver 0-Day Flaw Actively Exploited to Deploy Webshells

SAP disclosed a critical zero-day vulnerability, identified as CVE-2025-31324, in its NetWeaver Visual Composer component. This...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Advanced Multi-Stage Carding Attack Hits Magento Site Using Fake GIFs and Reverse Proxy Malware

A multi-stage carding attack has been uncovered targeting a Magento eCommerce website running an...

Hannibal Stealer: Cracked Variant of Sharp and TX Malware Targets Browsers, Wallets, and FTP Clients

A new cyber threat, dubbed Hannibal Stealer, has surfaced as a rebranded and cracked...

Obfuscation Techniques: A Key Weapon in the Ongoing War Between Hackers and Defenders

Obfuscation stands as a powerful weapon for attackers seeking to shield their malicious code...