Infected Google Play apps are targeting North Korean defectors

by Gabriel E. Hall

RedDawn authors are targeting North Korean victims using Messenger

North Koreans use malware uploaded to the Play Store to track refugees

North Korea is known around the world for its totalitarian regime. It is also no secret that residents try to flee the country at the risk of their lives. Even after escaping, however, they may still be detected and tracked: security experts from McAfee discovered[1] a new string of malware attacks that target North Korean defectors.

The malware, dubbed RedDawn, was found by security specialists in three different apps on the Google Play Store. Once installed and executed on an Android device, it can steal a significant amount of personal information, such as the contact list, messages, photos, phone numbers, social media information and similar data. This data can later be used to threaten victims.

These infected apps could be freely downloaded from their official store listings and other sources. However, the hacker group called Sun Team has also been relying on another method – Facebook's Messenger. They used it to communicate with victims and urge them, via phishing messages, to download the malware. The fake accounts created by the hackers use stolen social network photos of South Koreans, and quite a few individuals reported identity fraud.[2]

Evidently, cybercrooks have been spreading malware using Messenger[3] for a while now, and it does not seem that this type of attack is going to stop anytime soon. Since the discovery, Google has taken down all of the malicious apps.

Malicious apps, luckily enough, haven't been downloaded by many

The three apps that McAfee's security team identified as malicious are:

  • 음식궁합 (Food Ingredients Info)
  • Fast AppLock
  • AppLockFree

While the first app focused on food preparation, the other two were (ironically) related to online security. Regardless of the app content, it seems that Sun Team tried to appeal to a broad range of people.

Infections are multi-staged: the first two apps receive commands, together with a .dex executable, from a remote cloud server. Unlike the first two, AppLockFree is believed to be used for the surveillance stage of the infection. Once the payload is executed, the malware harvests the targeted information about users and sends it to Sun Team via the Dropbox and Yandex cloud-based services.
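The three traits described above (broad access to personal data, a second-stage .dex fetched from a remote server, and exfiltration to consumer cloud-storage APIs) are exactly what an analyst looks for when triaging a decoded APK. The following Python script is an added example, not McAfee's or the article's code: it combines those indicators into a simple verdict. The permission, class-loader and host lists are my own assumptions about what such a check should key on, and the two sample apps are constructed for illustration, not the real RedDawn apps.

```python
"""Heuristic triage of a decoded Android app for the RedDawn-style pattern:
sensitive-data permissions + runtime-loaded .dex + cloud-storage exfiltration.
Added example with constructed inputs; not taken from any real malware sample.
"""
from urllib.parse import urlparse

# Assumption: permissions that expose the data categories named in the article.
SENSITIVE_PERMISSIONS = {
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.READ_SMS": "messages",
    "android.permission.READ_EXTERNAL_STORAGE": "photos/files",
    "android.permission.READ_PHONE_STATE": "phone number",
    "android.permission.READ_CALL_LOG": "call log",
}

# Assumption: class references that indicate code loaded at runtime rather
# than shipped inside the reviewed APK (the second-stage .dex trick).
DYNAMIC_LOADERS = {
    "dalvik.system.DexClassLoader",
    "dalvik.system.PathClassLoader",
    "dalvik.system.InMemoryDexClassLoader",
}

# Assumption: cloud-storage API hosts that a food or app-lock app has little
# reason to contact; the article names Dropbox and Yandex as exfil channels.
CLOUD_STORAGE_HOSTS = {
    "api.dropboxapi.com",
    "content.dropboxapi.com",
    "cloud-api.yandex.net",
}


def extract_hosts(strings):
    """Return the lower-cased hostnames of every URL-looking string."""
    hosts = set()
    for s in strings:
        if "://" not in s:
            continue
        host = urlparse(s).hostname
        if host:
            hosts.add(host.lower())
    return hosts


def triage_app(permissions, class_refs, strings):
    """Combine the three indicator families into one triage result.

    An app is flagged only when it can read at least two sensitive data
    categories AND either loads remote code or talks to a cloud-storage API.
    Any single indicator on its own is common in benign apps.
    """
    data_access = sorted(SENSITIVE_PERMISSIONS[p] for p in permissions
                         if p in SENSITIVE_PERMISSIONS)
    loaders = sorted(set(class_refs) & DYNAMIC_LOADERS)
    remote_code = sorted(s for s in strings
                         if "://" in s and s.lower().endswith((".dex", ".jar")))
    cloud_hosts = sorted(extract_hosts(strings) & CLOUD_STORAGE_HOSTS)

    stage_two = bool(loaders) and bool(remote_code)
    suspicious = len(data_access) >= 2 and (stage_two or bool(cloud_hosts))
    return {
        "data_access": data_access,
        "dynamic_loaders": loaders,
        "remote_code_urls": remote_code,
        "cloud_exfil_hosts": cloud_hosts,
        "verdict": "suspicious" if suspicious else "no combined indicators",
    }


# Constructed sample: what a decoded trojanised "food info" app might show.
TROJANISED_SAMPLE = {
    "permissions": [
        "android.permission.INTERNET",
        "android.permission.READ_CONTACTS",
        "android.permission.READ_SMS",
        "android.permission.READ_EXTERNAL_STORAGE",
    ],
    "class_refs": ["android.app.Activity", "dalvik.system.DexClassLoader"],
    "strings": [
        "Food pairing tips",
        "https://storage.example-cloud.invalid/update/plugin.dex",
        "https://content.dropboxapi.com/2/files/upload",
    ],
}

# Constructed sample: a benign recipe app with one broad permission.
BENIGN_SAMPLE = {
    "permissions": ["android.permission.INTERNET",
                    "android.permission.READ_EXTERNAL_STORAGE"],
    "class_refs": ["android.app.Activity"],
    "strings": ["https://www.example.com/recipes"],
}

if __name__ == "__main__":
    for name, sample in (("trojanised", TROJANISED_SAMPLE), ("benign", BENIGN_SAMPLE)):
        print(name, triage_app(**sample))
```

In practice the three inputs come from a decoder such as apktool or androguard (the manifest's uses-permission entries, the class names in classes.dex, and the string pool); the point of the combined rule is that neither DexClassLoader nor a Dropbox endpoint is malicious by itself, so the check only fires when they coincide with broad access to the data categories the article says RedDawn steals.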

Security experts caught the malware at an early stage, so it did not spread widely. Nevertheless, it is estimated that around 100 infections took place before Google removed the malicious apps from its store.

Previous Sun Team attacks targeted Korean defectors as well

RedDawn is not the first malware attack carried out by Sun Team. Security researchers published a report in January 2018 about another string of malware attacks that targeted Korean defectors and journalists through Kakao Talk[4] and other social networks during 2017. It took two months before the malicious apps were spotted and removed by Google.

Security researchers could confidently link these attacks to North Korean actors because they found words on the malware's control server that are not native to South Korea. The IP address also pointed to North Korea.

According to research, around 30,000 North Koreans have fled to the South, and more than 1,000 try to escape the regime every year. Although Kim Jong Un was recently talking to American and South Korean leaders about ending a 60-year-old war,[5] attacks like these prove how oppressive the views of North Korean leaders really are.

Prevent websites, ISP, and other parties from tracking you

Private Internet Access is a VPN that can prevent your Internet Service Provider, the government, and third parties from tracking your online activity and allow you to stay completely anonymous. The software provides dedicated servers for torrenting and streaming, ensuring optimal performance and not slowing you down. You can also bypass geo-restrictions and view services such as Netflix, BBC, Disney+, and other popular streaming services without limitations, regardless of where you are.

A VPN is also crucial when it comes to user privacy. Online trackers such as cookies can be used not only by social media platforms and other websites but also by your Internet Service Provider and the government. Even if you apply the most secure settings in your web browser, you can still be tracked via apps that are connected to the internet. Besides, privacy-focused browsers like Tor are not an optimal choice due to diminished connection speed.

Therefore, to stay completely anonymous and prevent the ISP and the government from spying on you, you should employ Private Internet Access VPN. It will allow you to connect to the internet while remaining completely anonymous, and to block trackers, ads, and malicious content. Most importantly, you will prevent the illegal surveillance activities that the NSA and other governmental institutions are performing behind your back.


Recover your lost files quickly

Unforeseen circumstances can happen at any time while using a computer: it can turn off due to a power cut, a Blue Screen of Death (BSoD) can occur, or a random Windows update can decide to reboot the machine while you were away for a few minutes. As a result, your schoolwork, important documents, and other data might be lost.

Additionally, you might also be attacked by malware that corrupts your Windows installation or encrypts your files with a robust encryption algorithm and demands a ransom in Bitcoin for the decryption tool. Cybercriminals might not deliver what they promised, however, so it is better to attempt alternative file recovery methods that could help you retrieve at least some portion of the lost data.

Data recovery software is one of the options that could help you recover your files. Once you delete a file, it does not vanish into thin air – it remains on your system as long as no new data is written on top of it. Data Recovery Pro is recovery software that searches for working copies of deleted files on your hard drive. By using the tool, you can prevent the loss of valuable documents, schoolwork, personal pictures, and other crucial files.

About the author

Gabriel E. Hall, passionate computer expert. Gabriel E. Hall is an expert troubleshooter who has been working in the information technology industry for years.
