McAfee: Apps from the Google Play Store were used to track defectors from North Korea

Researchers at security software firm McAfee have discovered that a North Korean hacking squad placed a trio of malware-laden apps in the Google Play Store. The targets are defectors who left North Korea for South Korea. Once the malware is downloaded and installed, it copies contacts, photos and text messages from the victim's device and sends them to the hackers in North Korea. The three infected apps include one that deals with food ingredients and is aptly named Food Ingredients Info. The remaining two apps are security-related and are named Fast AppLock and AppLockFree.

The "Sun Team" contacts its targets through Facebook, trying to get them to open the infected "unreleased" apps. Once a phone or tablet is infected, it receives commands and uploads data through Dropbox and Russia's Yandex.

McAfee sees similarities between the recent malware attacks and one it discovered in January. A North Korean hacking group called "Sun Team" is said to be responsible for both attacks. Information logs related to the new attack, which McAfee discovered on Dropbox and Yandex, came from the same test devices used by the Sun Team in the earlier campaign. In addition, the email addresses used by the developer of the new infected apps are the same ones associated with the North Korean squad.


McAfee informed Google about the infected apps, which have since been removed from the Play Store. The security firm also informed the Korea Internet & Security Agency. 

source: McAfee


13 Comments

1. iPhoneFanboy

Posts: 286; Member since: Apr 21, 2018

North Korean defectors using iOS are safe

3. worldpeace

Posts: 3091; Member since: Apr 15, 2016

So are terrorists that are using iOS.

4. iPhoneFanboy

Posts: 286; Member since: Apr 21, 2018

The only terrorists mentioned in this article are the North Korean government using Google Play on Android to track defectors.

11. Dr.Phil

Posts: 2248; Member since: Feb 14, 2011

Are you therefore making an argument for backdoors to encryption? I’m just curious to see where you’re going to go with this statement, because it sounds an awful lot like fear mongering.

2. gamehead unregistered

Yikes!

5. path45th

Posts: 398; Member since: Sep 11, 2016

Android = low grade, Trojan horse OS.

6. MINDoSOUL

Posts: 322; Member since: Feb 28, 2014

If you think iOS is better then you are naive. If you are wanted to be hacked, you will be, whether technologically or socially. It's that simple. I would take Android over iOS any day.

10. Klinton

Posts: 1408; Member since: Oct 24, 2016

Android is way more secure than iOS. Just read the tests. Simply, on Android you can download whatever you want, at your own risk, with just giving a permission (without rooting).

7. gravityron

Posts: 46; Member since: Aug 07, 2012

lol ..

8. ibap

Posts: 865; Member since: Sep 09, 2009

They didn't bother with iOS because the phones are too expensive for the defectors to buy.

12. Klinton

Posts: 1408; Member since: Oct 24, 2016

Note and Galaxy are not cheaper. And there are cheap old models of iPhones too. More likely it is because on Android it is possible to download apps outside the Store, at your own risk, but on iOS you have to root the phone.

9. AfterShock

Posts: 4146; Member since: Nov 02, 2012

Umm, seems like a little bit of a stretch. Defectors would buy phones, then seek out these apps on their own and use them in their new life to be tracked. Or it was part of their mission in the first place before leaving NK. I can't believe they would find these three apps on their own and feel they needed them without being coerced in the first place.

13. L0n3n1nja

Posts: 1511; Member since: Jul 12, 2016

The "RedDawn" team contacts its targets through Facebook, trying to get them to open the infected "unreleased" apps.
