North Korean hackers use Google Play and Facebook to spread attacks

(Image credit: Etereuti / Pixabay)

A team of North Korean hackers has managed to host at least three malicious Android apps on the Google Play Store, according to a discovery by researchers at the security company McAfee.

The three apps were listed on the official Android marketplace in January and remained there until March, when the firm privately notified Google of their existence. Two of the apps tricked users into downloading them by appearing as legitimate security apps, while the other provided users with information about food ingredients.

The apps each contained hidden functions that enabled them to steal device information as well as receive additional executable code that stole users' contacts, personal photos and text messages. 

The North Korean hackers utilised Facebook as a means of spreading the apps to select individuals and by the time Google removed them, they had around 100 downloads.

In January, McAfee revealed that it had discovered malicious apps that targeted North Korean journalists and defectors. The apps were found to be from North Korea as their control servers contained some Korean words that were only used in North Korea. The researchers at McAfee also found a North Korean IP address in a test log file on some of the Android devices connected to accounts used to spread the malware. 

The same developer email address was used in the three malicious apps that the researchers discovered in January. The developers were not found to be connected to any other previous hacking groups so McAfee gave them the nickname Sun Team after finding a deleted folder called “sun Team Folder”.  

Just because an app is available on the Google Play Store does not mean that it is not collecting your data. Users should ensure that the apps they download are from trusted developers to prevent falling victim to malware.

After getting his start at ITProPortal and then working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches to how to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.