Security researchers at Cisco Talos have uncovered variants of a new Android Trojan that are being distributed in the wild disguising as a fake anti-virus application, dubbed "Naver Defender."

Dubbed KevDroid, the malware is a remote administration tool (RAT) designed to steal sensitive information from compromised Android devices, as well as capable of recording phone calls.

Talos researchers published Monday technical details about two recent variants of KevDroid detected in the wild, following the initial discovery of the Trojan by South Korean cybersecurity firm ESTsecurity two weeks ago.

The most recent variant of KevDroid malware, detected in March this year, has the following capabilities:

record phone calls & audio
steal web history and files
gain root access
steal call logs, SMS, emails
collect device' location at every 10 seconds
collect a list of installed applications

How to Keep Your Smartphone Secure

Android users are advised to regularly cross-check apps installed on their devices to find and remove if any malicious/unknown/unnecessary app is there in the list without your knowledge or consent.

Such Android malware can be used to target your devices as well, so you if own an Android device, you are strongly recommended to follow these simple steps to help avoid this happening to you:

Never install applications from 3rd-party stores.
Ensure that you have already opted for Google Play Protect.
Enable 'verify apps' feature from settings.
Keep "unknown sources" disabled while not using it.
Install anti-virus and security software from a well-known cybersecurity vendor.
Regularly back up your phone.
Always use an encryption application for protecting any sensitive information on your phone.
Never open documents that you are not expecting, even if it looks like it's from someone you know.
Protect your devices with pin or password lock so that nobody can gain unauthorized access to your device when remains unattended.
Keep your device always up-to-date with the latest security patches.