North Korean hackers use Google Play and Facebook to spread attacks


A team of North Korean hackers has managed to host at least three malicious Android apps on the Google Play Store, according to a discovery by researchers at the security company McAfee.

The three apps were listed on the official Android marketplace in January and remained there until March, when the firm privately notified Google of their existence. Two of the apps tricked users into downloading them by appearing as legitimate security apps, while the other provided users with information about food ingredients.

The apps each contained hidden functions that enabled them to steal device information as well as receive additional executable code that stole users' contacts, personal photos and text messages. 

The North Korean hackers utilised Facebook as a means of spreading the apps to select individuals and by the time Google removed them, they had around 100 downloads.    

In January, McAfee revealed that it had discovered malicious apps that targeted North Korean journalists and defectors. The apps were found to be from North Korea as their control servers contained some Korean words that were only used in North Korea. The researchers at McAfee also found a North Korean IP address in a test log file on some of the Android devices connected to accounts used to spread the malware. 

The same developer email address was used in the three malicious apps that the researchers discovered in January. The developers were not found to be connected to any other previous hacking groups so McAfee gave them the nickname Sun Team after finding a deleted folder called “sun Team Folder”.  

Just because an app is available on the Google Play Store does not mean that it is not collecting your data. Users should ensure that the apps they download are from trusted developers to prevent falling victim to malware. 
