Attackers use legitimate apps as cover for their malicious code. In the case of KaoSpy, attackers used modified versions of the KakaoTalk app to target Tibetan activists; the malware is distributed using phishing emails. The spyware collects a large amount of sensitive user information (contacts, call logs, SMS messages, installed applications, and location) and uploads the data to the attackers' server. Not all Trojans are so narrowly targeted, however: BadNews pretended to be a legitimate game app while collecting sensitive user information and sending it to the attacker. In a BYOD environment, where employees have access to sensitive information from their own devices, an infection like this can be disastrous for an organization.