Researchers claim that a team of hackers linked to North Korea recently managed to get the Google Play app store to host at least three android applications that were designed specifically to covertly steal personal information from North Korean defectors.
These three thieving apps first appeared in the Google Play marketplace in January, and they weren’t removed until late March when Google was notified privately, according to a blog post published by researchers from McAfee on Thursday.
Two of these thieving apps were masqueraded, ironically as security apps whereas the third app purported to provide information regarding food ingredients. These applications contained hidden functions that allowed them to steal device information and also permitted them to receive additional executable code that allowed them to steal personal photos, contact lists as well as text messages.
These apps were distributed to a few selected individuals and in many cases; these individuals were contacted through Facebook. The app had already had 100 downloads before Google removed them. Nation-operated clandestine activities such as this usually aim to infect a minimal number of targets in order to evade detection.
McAfee reported last November that they found malicious Android files that had backdoors very similar to those that were used by Lazarus, which is a North Korean hacking group. This Android malware used the same seed to create encryption keys and also the same way to communicate through control servers.
In January, McAfee came across malicious apps which were targeting North Korean journalist and defectors. The three apps, as reported by McAfee, have the same email address developer that was used for the apps recounted in January.
These apps also contained a Korean writing description and had a Dropbox account with data About Jack Black and other celebrities who had appeared on Korean TV.
Let us know your thoughts below.