Researchers at security software firm McAfee have discovered that a North Korean hacking squad has installed a trio of malware-laden apps in the Google Play Store. The targets are defectors who left North Korea for South Korea. Once the malware is downloaded and installed, it copies contacts, photos and text messages from the victim's device, and sends them to the hackers in North Korea. The three infected apps include one that deals with food ingredients and is aptly named Food Ingredients Info. The remaining two apps are security related and are named Fast AppLock and AppLockFree.
The "Sun Team" contacts its targets through Facebook, trying to get them to open the infected "unreleased" apps. Once a phone or tablet is infected, it receives commands and uploads data through Dropbox and Russia's Yandex.
McAfee sees similarities between the recent malware attacks and one it discovered in January. A North Korean hacking group called "Sun Team" is said to be responsible for both attacks. Information logs discovered by McAfee from Dropbox and Yandex related to the new attack, came from the same test devices used by the Sun Team in the earlier campaign. In addition, the email addresses used by the developer of the new infected apps are the same ones associated with the North Korean squad.
McAfee informed Google about the infected apps, which have since been removed from the Play Store. The security firm also informed the Korea Internet & Security Agency.