Image credit: Greg Baker/AFP/Getty Images

North Korea-linked hackers targeted defectors with Android spyware

The surveillance apps made it to Google Play.

When Android malware slips into the Google Play Store, it's usually there to push unwanted ads or perpetrate a scam. McAfee researchers, however, have discovered something more sinister. A North Korean group nicknamed Sun Team recently posted three apps in Google Play that were used to target defectors from the authoritarian country. The attackers contacted people through Facebook in a bid to get them to install seemingly innocuous "unreleased" apps for food and security. Once installed, the rogue apps would send contacts, photos and text messages to the intruders, using Dropbox and Russia's Yandex both to upload data and to send commands.

The campaign, nicknamed RedDawn, isn't Sun Team's first. McAfee spotted another initiative in January. That effort, however, required downloads outside of Google Play, so the would-be victims had to go out of their way to download the apps. The Google Play tactic might have been more convincing, as many users explicitly trust Google Play and its anti-malware screening.

It's not completely certain that North Korea's government is behind RedDawn. McAfee told Ars Technica that it believed Sun Team was distinct from the state-backed Lazarus group that has been launching attacks for years. It's also unclear whether the campaign was successful, given that there are no publicly known infections. The targets and the purely spying-oriented nature of the code make North Korea's regime a strong candidate, though. And whoever's responsible, this is more than a little concerning. It suggests that you're not safe from politically motivated malware attacks even if you limit your app downloads to official stores.
