According to a report by the McAfee Mobile Research team, a malicious APK file is being used to target North Korean defectors and journalists through the KakaoTalk chat app.
Attackers send malicious links to specific groups through KakaoTalk or other social networking services such as Facebook, often disguising the apps as “북한기도” (Pray for North Korea) and “BloodAssistant” (a healthcare app).
Victims who click on these malicious links install a series of spy trojans that steal SMS messages, contact information, GPS locations, phone records, and the list of installed apps; the trojans can also record phone calls. In addition, attackers can easily add malicious functions to the trojans without having to update the entire application.
There is little doubt that North Korean state-sponsored hackers are the attackers behind the scenes. “The group behind the attack is familiar with Korean culture, drama, and language because many account names come from Korean dramas and TV shows.”
Image: McAfee
Narrowing the scope further, McAfee found the Korean word “피형” (“blood type”), a term that is not used in South Korea. In addition, North Korean IP addresses appeared in the test log files of some Android devices, and these devices were connected to accounts used to spread the malware.
This malware campaign is highly targeted, using social network services and KakaoTalk to directly approach targets and implant spyware. We cannot confirm who is behind this campaign, and the possible actor Sun Team is not related to any previously known cybercrime groups. The actors are familiar with South Korea and appear to want to spy on North Korean defectors, and on groups and individuals who help defectors.
McAfee Mobile Security detects this malware as Android/HiddenApp.BP. Always keep your mobile security application updated to the latest version, and never install applications from unverified sources. We recommend installing KakaoTalk only from Google Play. These habits will reduce the risk of infection by malware.
Reference: McAfee