According to researchers, a team of hackers affiliated with North Korea recently managed to conduct an operation to steal the personal data of people who defected from the dictatorial regime. And they did it using Google Play.
The hackers apparently were able to host at least three Android apps on the Play Store, which were designed to secretly siphon a userĄ¯s data and send it back to North Korea. The apps first appeared in January, and werenĄ¯t removed until March, when Google was privately notified by the researchers from McAfee.
The company posted a blog entry this week, detailing both the study and the apps involved. Two of them masqueraded as security apps, while the third was supposedly an informational app for food ingredients. Functions buried in these apps would then steal information from the device, including personal photos contact lists, and messages.
The hackers didnĄ¯t just let loose the apps into the wild either, hoping they would find their marks. They, in fact, selected individuals they should be spread to, usually contacting them over Facebook for it. Over time, the three apps gained about 100 downloads between them before they were removed by Google.
And if that number looks small to you, it was intentional. After all, a nation backing a cyber-espionage campaign doesnĄ¯t want it widely known online. More effective would be to keep the download numbers small, and therefore undetected.
North Korea has in fact had a history of activity in cyber warfare across the world. One of their groups, named Lazarus, is credited with multiple hits, including the 2014 hack of Sony Pictures that wiped almost a terabyte of data after ransom demands were rejected. In fact, Lazarus is even believed to be responsible for the release of the WannaCry ransomware that shut down corporations and institutions across the world last year.