North Korean Hackers Exact Revenge On Defectors With Data-Stealing Android Malware

Over 1,000 North Korean citizens try to defect to South Korea each and every year, and for each of them, the sudden sense of freedom must feel overwhelming. Naturally, North Korea isn't happy with anyone who decides to leave, and the country certainly has the means to seek out and track those who've done so.

While the country may not send out investigators to follow everyone who defects, the North Korean government has other creative ways to keep tabs on its former citizens, including creating its own sophisticated malware. More specifically, this mobile device malware will read your personal information, and even upload your photos to a remote cloud server. Clearly, if you want to defect and keep hidden, this malware would be a disaster.

In all, three separate apps uploaded to Google's Play Store were discovered, all developed by North Korea's Sun Team group. The apps did not reach their unwitting users through widespread popularity on the Play Store; instead, their developers gave users the impression of legitimacy through a rather elaborate scheme.

An attacker who releases a mobile app can never assume that it will be downloaded by a very specific person. So in this case, victims were befriended on social media and subsequently given a link to the three infected apps, each of which serves its own purpose for the malware. In addition to stealing photos and basic information, the malware also siphons text messages, which could be the most vital bit of information a government-backed spy could use.

Only 100 infections were detected by McAfee, and while that sounds small in the grand scheme of things, we need to consider the fact that its targets were part of a very small niche. Each of those 100 infections could lead to a legitimate defector who doesn't even know they're infected and being watched. Regardless, if there's anyone we could excuse for lackadaisical security practices, such as arbitrarily downloading rogue apps, it would be those who've been locked away from the outside world their entire lives by an oppressive, draconian government regime.