Notebookcheck

North Korean malware targets defectors and their supporters

North Korean military parade
McAfee researchers recently uncovered a hacking operation that targets North Korean defectors and those who help them, using popular chat apps and social media services (Facebook included) to deliver malware to their Android devices.

Modern technology makes it easier for people to communicate, but it also makes spying on the average Joe or Jane Doe far easier than before. A few decades ago, gaining accurate information was not that easy, even in a dictatorship where everyone was watching (and betraying) everyone.

Just as a side note, my father had a roommate who happened to be a foreign student from the Middle East. The secret police agency assigned a guy who was supposed to get information about that guy's activities from my father. In such cases, there is no way to avoid talking, but it depends on you what you choose to say... so my father always fed that intelligence officer a bunch of harmless lies or just irrelevant information. Since his roommate was not into any illegal activities anyway, in the end nothing bad happened. This was taking place in communist Romania, around 1975, in case you were wondering.

Now, think about having a malware-infected smartphone in a country like North Korea today: no matter how innocent your online activity might look at first sight, you would most likely end up in a reeducation camp within a week. Fortunately for them, most North Koreans do not have a smartphone with access to the internet. Unfortunately, the defectors and those who help them have recently been the targets of a carefully organized hacking operation that appears to be backed by the North Korean government.

McAfee recently uncovered a hacking campaign aimed at carefully chosen targets, naming it Sun Team. The Sun Team attacks used multiple services to lure the victims, especially social networks and popular chat apps. The two main malware-carrying apps were named "Pray for North Korea" and "BloodAssistant," the latter posing as a healthcare app and sometimes being delivered via Facebook.

Once the malware is installed on a device and the accessibility settings required to gain full control have been turned on via a successful phishing attack, it uses cloud services as a control server and as a hub for uploading personal data and receiving commands.

Although the McAfee team that studied this campaign cannot confirm its origins, its statement that the perpetrators are "familiar with South Korea and appear to want to spy on North Korean defectors, and on groups and individuals who help defectors" should be enough.

In the end, McAfee researcher Jaewon Min came up with a few useful security-related recommendations for all Android users: "Always keep your mobile security application updated to the latest version, and never install applications from unverified sources. We recommend installing KakaoTalk only from Google Play. These habits will reduce the risk of infection by malware."

Codrut Nistor, 2018-01-12 (Update: 2018-01-12)
Codrut Nistor - News Editor
Although I have been writing about new software and hardware for almost a decade, I consider myself to be old school. I always enjoy listening to music on CD or tape instead of digital files and I will not even get into the touchscreen vs physical keys debate. However, I also enjoy new technology, as I now have the chance to take a look at the future every day. I joined the Notebookcheck crew back in 2013 and I have no plans to leave the ship anytime soon.