McAfee researchers have discovered three apps in Google Play that were used to target defectors from North Korea.
A North Korean group nicknamed Sun Team recently posted three apps in Google Play. The attackers contacted people through Facebook in bids to have them install seemingly innocuous “unreleased” apps for food and security. When installed, the rogue apps would send contacts, photos and text messages to the intruders using Dropbox and Russia’s Yandex to both upload data and send commands.
It’s not completely certain that North Korea’s government is behind the RedDawn campaign. McAfee told Ars Technica that it believed Sun Team was distinct from the state-backed Lazarus group that has been launching attacks for years. It’s also unclear whether the campaign was successful, given that there are no publicly known infections. The targets and the purely spying-oriented nature of the code make North Korea’s regime a strong candidate, though. And whoever’s responsible, this is more than a little concerning. It suggests that you’re not safe from politically motivated malware attacks even if you limit your app downloads to official stores.