Posted on May 22, 2018 at 3:57 PM
North Korean Defectors Targeted by Malware Hosted on the Google Play Store
Researchers from McAfee uncovered malicious apps on Google’s Play Store, which had the potential to steal information. The likely targets for these apps were North Korean defectors, and researchers believe that they targeted specific individuals.
Google Play Store hosted data-stealing apps
According to researchers from McAfee, Google Play Store was serving as a host to a particularly interesting set of apps. The apps were designed to look like security applications, as well as food ingredients information apps, but their real purpose was to steal information from their users.
After studying the newly-discovered apps, researchers found that they were linked to North Korean hackers who wanted to steal data from the country’s defectors. There were at least three of these apps, according to the reports, and they had been downloaded around 100 times before being discovered.
The apps were also being sent to specific users, rather than hunting for victims at random. Their design allowed them to steal their targets’ device information, as well as to access their contact lists, photos, and even texts. The apps were mostly distributed via Facebook, according to researchers. By the time the security firm contacted Google and the company removed the apps, they had already been downloaded over a hundred times.
Not only that, but it was also uncovered that they were on Google’s Play Store for around three months. They were originally posted in January 2018, and the researchers discovered their real purpose back in March of this year. This is further proof that Google needs to work on its filters in order to protect its users’ privacy and keep out malicious apps.
Who is behind the apps?
The researchers believe that the persons responsible for launching the apps are not part of a new entity. Similar apps were found back in January of this year, and their victims were also of North Korean origin. It would seem that they targeted the country’s defectors and journalists. The group was called the Sun Team, and it seems that they are the same ones who are responsible for the three apps discovered in March.
Not much is certain about their allegiance or the motives behind the apps, but what researchers can say for certain is that all of the apps discovered so far share a link to the same email address. Another thing that they have in common is a specific set of words that are commonly used in North Korea, but are not used in South Korea. Additionally, there is an IP address that McAfee managed to uncover, which also has a connection to North Korea, and was previously used for sending malware. All of these facts clearly point to the hackers’ connection to North Korea, which is likely where they operate from.
Finally, the researchers themselves acknowledge that none of this is clear confirmation of anything regarding the hackers. However, it does suggest a lot, at least in terms of their origin and nationality.