North Korea-Linked Hackers Targeting Defectors With Android Malware

Escaping the isolated and oppressive regime of Kim Jong Un’s North Korea requires a harrowing effort, but even getting out of the country may not be enough to escape its reach. New research from McAfee suggests hackers in North Korea are targeting defectors with malware-infected Android apps.

The cybersecurity firm reported this week that it found a number of apps in the Google Play Store infected with what it dubbed RedDawn malware. If installed on a device, the malware could steal a significant amount of personal data and sensitive information that could be used by the attackers to threaten or track victims.

A total of three apps discovered in Google’s official app marketplace were infected with RedDawn. The first, titled 음식궁합 (Food Ingredients Info), offered users information about food. The other two, Fast AppLock and AppLockFree, were both presented as security-related tools.

While the apps could be freely downloaded from the Google Play Store by anyone, the attackers (the Sun Team hacking group, the same North Korea-linked group behind a malware attack directed at North Korean refugees and journalists earlier this year) primarily distributed the apps by targeting individuals and contacting them via Facebook.

McAfee reported the malware is believed to act in multiple stages, with AppLockFree doing reconnaissance to set up the more malicious parts of the attack, delivered via the other two apps. Once the malware infects a victim’s device, it can collect photos, contacts, text messages and other sensitive information. All of that data is transferred to cloud storage sites operated by the Sun Team.

None of the apps uploaded by Sun Team received widespread downloads (McAfee suggests they achieved about 100 infections in total), and all have since been removed from the Google Play Store. But they do present a serious threat to the very sensitive targets who fell victim to the attack, and they reveal that hackers in North Korea have a keen interest in targeting defectors.

There are more than 30,000 people who have fled from North Korea to South Korea, per Radio Free Asia, and more than 1,000 risk their lives to break free of the regime every year.

Talks of nuclear disarmament and discussions of a treaty with South Korea may make it look like North Korea is interested in gaining acceptance from the rest of the world, but attacks like this reveal it is as brutal and vindictive as ever.

[McAfee, Ars Technica]