North Korean malware targets defectors and their supporters
Modern technology makes it easier for people to communicate, but it also makes it far easier than before for those interested in spying on the average Joe/Jane Doe to get the job done. A few decades ago, gaining accurate information was not that easy, even in a dictatorship where everyone was watching (and betraying) everyone.
Just as a side note, my father had a roommate who happened to be a foreign student from the Middle East. The secret police agency assigned a guy who was supposed to get information about that roommate's activities from my father. In such cases, there is no way to avoid talking, but it depends on you what you choose to say... so my father always fed that intelligence officer a bunch of harmless lies or just irrelevant information. Since his roommate was not into any illegal activities anyway, in the end nothing bad happened. This was taking place in communist Romania, around 1975, in case you were wondering.
Now, think about having a malware-infected smartphone in a country like North Korea today: no matter how innocent your online activity might look at first sight, you would most likely end up in a reeducation camp within a week. Fortunately for them, most North Koreans do not have a smartphone with access to the internet. Unfortunately, the defectors and those who help them have recently been the targets of a carefully organized hacking operation that appears to be backed by the North Korean government.
McAfee recently uncovered a hacking campaign aimed at carefully chosen targets, naming it Sun Team. The Sun Team attacks used multiple services to lure the victims, especially social networks and popular chat apps. The two main malware-carrying apps were named "Pray for North Korea" and "BloodAssistant," the latter posing as a healthcare app and sometimes being delivered via Facebook.
Once the malware is installed on a device and the accessibility settings it needs to gain full control have been turned on by a successful phishing attack, it uses cloud services as its control server and as a hub for uploading personal data and receiving commands.
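Because the attack hinges on the victim enabling an accessibility service for the malicious app, a quick defensive check is to audit which accessibility services are actually enabled on a device against a small allowlist. The example below is added here and is not McAfee's code or from the campaign analysis; it parses the colon-separated value Android keeps in the secure setting `enabled_accessibility_services` (read via `adb`, or from a constructed sample string) and flags anything not on the allowlist. The allowlist contents and the `com.example.bloodassistant` package name are assumptions, not identifiers from the report.

```python
import subprocess

# Assumed allowlist: only accessibility services you deliberately use belong here.
KNOWN_GOOD_SERVICES = {
    "com.google.android.marvin.talkback/"
    "com.google.android.marvin.talkback.TalkBackService",
}


def normalize_component(component: str) -> str:
    """Expand Android's short form 'pkg/.Cls' into 'pkg/pkg.Cls'."""
    pkg, _, cls = component.partition("/")
    if cls.startswith("."):
        cls = pkg + cls
    return f"{pkg}/{cls}"


def parse_enabled_services(raw: str) -> list[str]:
    """Split the settings value into flattened component names.

    `settings get secure enabled_accessibility_services` prints 'null' when
    nothing is enabled, otherwise entries separated by ':'.
    """
    raw = raw.strip()
    if raw in ("", "null"):
        return []
    return [normalize_component(s) for s in raw.split(":") if s]


def flag_unexpected_services(raw: str, allowlist=KNOWN_GOOD_SERVICES) -> list[str]:
    """Return enabled services that are not on the allowlist."""
    return [s for s in parse_enabled_services(raw) if s not in allowlist]


def read_device_setting() -> str:
    """Read the live value from a USB-debugging-enabled device via adb."""
    result = subprocess.run(
        ["adb", "shell", "settings", "get", "secure", "enabled_accessibility_services"],
        capture_output=True, text=True, check=True,
    )
    return result.stdout


# Constructed sample: a legitimate screen reader plus a hypothetical rogue service.
SAMPLE = (
    "com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService:"
    "com.example.bloodassistant/.AccessService"
)

if __name__ == "__main__":
    for svc in flag_unexpected_services(SAMPLE):
        print("unexpected accessibility service enabled:", svc)
```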
Although the McAfee team that studied this campaign cannot confirm its origins, their statement that the perpetrators are "familiar with South Korea and appear to want to spy on North Korean defectors, and on groups and individuals who help defectors" should be telling enough.
In the end, McAfee's researcher Jaewon Min came up with a few useful security-related recommendations for all Android users: "Always keep your mobile security application updated to the latest version, and never install applications from unverified sources. We recommend installing KakaoTalk only from Google Play. These habits will reduce the risk of infection by malware."