North Korea-linked hackers go after defectors using malware-loaded apps in Play Store

By midian182
May 20, 2018
  1. The Google Play store is no stranger to seemingly legitimate apps that host malware, but McAfee researchers have discovered something a bit different: three malicious applications that target specific individuals. The security group says a North Korea-linked group uploaded the apps, which were designed to infiltrate Android devices belonging to defectors from the country.

    While the phrase “North Korean hackers” usually refers to the notorious Lazarus Group, in this instance the attacker is the Sun Team. It was behind a campaign called RedDawn, which saw malware-loaded apps added to the Play Store before attempts were made at convincing defectors to download the software.

    The three apps appeared in Google’s store between January and March this year. The first of these, called Food Ingredients Info, offered information on food, as one might imagine. The other two—Fast AppLock and Fast AppLockFree—were security tools. All three were able to steal the personal data of those who downloaded them, which could then be used to blackmail, threaten, or track victims; this information included a user’s photos, contacts, call recordings, and SMS messages.

    "After infecting a device, the malware uses Dropbox and Yandex to upload data and issue commands, including additional plug-in dex files; this is a similar tactic to earlier Sun Team attacks," writes McAfee’s Jaewon Min.

    "From these cloud storage sites, we found information logs from the same test Android devices that Sun Team used for the malware campaign we reported in January. The logs had a similar format and used the same abbreviations for fields as in other Sun Team logs. Furthermore, the email addresses of the new malware's developer are identical to the earlier email addresses associated with the Sun Team."

    The Sun Team tried to get North Korean defectors, of which there were over 30,000 in 2016, to download the apps by using a fake Facebook profile or sending direct private messages via the site. A chat app popular in South Korea called KakaoTalk was also used to send links to the targets.

    The apps, which have now been removed, recorded around 100 downloads during their time on the Google Play Store. Two fake Facebook profiles set up by the Sun Team are reportedly still active.

    Further evidence linking the attacks to North Korea included an IP address belonging to the country that was found in a test log file, along with the fact that the authors used Korean words “not in South Korean vocabulary.” With North Korea threatening to halt its recent peace talks, we could see more attacks from the Sun Team in the future.

  2. VitalyT

    They are messing with Skylark Tonight legacy...


    North Korea is an expert at making things that backfire.

    Last edited: May 20, 2018
  3. Uncle Al

    The real concern is probably using the tracking apps to locate the individuals for their assassination squads that are known to roam around S. Korea; just another means that Kim Jong Un tries to maintain control through intimidation. It will be interesting to see IF unification or some kind of peace treaty goes into effect, if Kim will forgive the defectors or if it will remain as an unwritten policy to be completed .....
  4. seeprime

    Best Korea has no idea how to develop an economy, feed the people decently, or stop acting like a toddler that's mad at mama. But, they sure do have some expert hackers.
