Malware in bus apps could come from North

Global cyber security firm McAfee has discovered that four Korean Android bus apps contained malware that exported files containing keywords related to national defense from a user’s smartphone to a remote server.
Local news, which began reporting the findings made by McAfee’s Mobile Research team on Sunday, raised the possibility that the malicious apps could be linked to North Korea.
According to McAfee and Yonhap, apps that provided bus stop and arrival time information for the cities of Daegu, Jeonju, Gwangju and Changwon contained malicious software that tried to steal the user’s Google account log-in information and export smartphone files containing specific keywords, such as “Blue House,” “summit,” and “Special operations.”
For all four apps, which had been published by the same developer since as early as 2013, only the version updated on Aug. 9 of last year was infected. Though the apps were very popular - with the Jeonju bus app downloaded over 500,000 times before it was taken down - the number of devices actually infected was low. The infected apps have since been removed from the Google Play store and replaced with apps from a different developer offering the same information.
“This malware has not been written for ordinary phishing attempts, but rather very targeted attacks, searching the victim’s devices for files related to the military and politics, likely trying to leak confidential information,” the McAfee report read.
In Korea, news outlets have suggested the malicious apps could be linked to covert activities from North Korea. The malware in the app was programmed to scan for a host of North Korea-related keywords, including “North and South,” “Ministry of Unification” and even “Defect.”
Online phishing activities targeting South Korean email and other online channels have become increasingly common in recent years. Just last month, 77 reporters covering the Unification Ministry received an email with a malware-infected file from a hacking group that some experts traced back to Pyongyang.
BY KIM EUN-JIN