Skip to main content

The Google Play store hosted malware meant to steal from North Korean defectors

McAfee researchers have discovered that hackers with links to the North Korean regime managed to make Google complicit in stealing information from defectors from the nation. As per a recently published blog post, the Google Play store has apparently been playing host to at least three apps designed to collect data from specific individuals. Two of these apps were posing as security apps, while the third claimed to provide food ingredient information. But what they really did was steal information from devices and receive certain code that allowed them to further access data like photos, contact lists, and even text messages.

In most instances, McAfee found the apps were generally sent to select users, generally by contacting them via Facebook. By the time McAfee privately notified Google as to the existence of these apps, 100 folks had already downloaded them, and the apps had been live in the Google Play store for three months — from January to March. Alas, this highlights the shortcomings of Google’s filters that are intended to keep out malware.

Recommended Videos

The alleged actor behind these apps doesn’t appear to be a new player in the hacking scene. Back in January, McAfee noted that it had found malicious apps intended to infect North Korean journalists and defectors’ devices. The group behind these apps was subsequently named Sun Team, and is apparently the same group behind these latest apps.

At the very least, the apps were all linked to the same developer email address. Moreover, McAfee found that the words used in the control servers were common in North Korea, but not South Korea. There was also a North Korean IP address discovered in a test log file of some Android devices connected to account used to send out the malware. This has led researchers to believe that the attacks are based in the isolated nation.

“These features are strong evidence that the actors behind these campaigns are not native South Koreans but are familiar with the culture and language,” McAfee researchers wrote. “These elements are suggestive, though not a confirmation, of the nationality of the actors behind these malware campaigns.”

Lulu Chang
Former Digital Trends Contributor
Fascinated by the effects of technology on human interaction, Lulu believes that if her parents can use your new app…
Malware is spreading through Google Bard ads — here’s how to avoid them
A person holds a phone with the Google logo and word 'Bard' on the screen. In the background is a Google Bard logo.

As the public adjusts to trusting artificial intelligence, there also brews a perfect environment for hackers to trap internet users into downloading malware.

The latest target is the Google Bard chatbot, which is being used as a decoy for those online to unknowingly click ads that are infected with nefarious code. The ads are styled as if they are promoting Google Bard, making them seem safe. However, once clicked on, users will be directed to a malware-ridden webpage instead of an official Google page.

Read more
This Google Chrome feature may save you from malware
Google Chrome app on s8 screen.

There are probably hundreds of thousands of Google Chrome extensions out there, and with so many options to choose from, it can be hard to know whether the plugin you want to install is hiding malware nasties.

That could become a thing of the past, though, as Google is testing a feature that will warn you if an extension you installed has been removed from its Chrome Web Store.

Read more
App developers get relief from Google tax in one of Android’s biggest markets
Tinder on the GooglePlay App Store.

Just over a week ago, Google was fined approximately $113 million in India for forcing its in-house billing system on developers making Android apps. While the fine was hefty in and of itself, the laundry list orders issued by the Competition Commission of India were the real concern for Google.

The company has now complied with the most controversial directive by removing the mandatory Google Play billing policy for in-app purchases made in India. In an official update, the company notes that it is “pausing enforcement of the requirement for developers to use Google Play's billing system for the purchase of digital goods and services for transactions.”
Why does it matter?

Read more