North Korean government hackers snuck spyware on Android app store


According to cybersecurity firm Lookout, a group of hackers linked to the North Korean regime uploaded Android spyware to the Google Play app store, and some people were able to download it.

In a report published on Wednesday and shared exclusively with TechCrunch ahead of publication, Lookout details several samples of an espionage campaign using an Android spyware it calls KoSpy, which the company attributes to the North Korean government with "high confidence."

At least one of the spyware apps was available on Google Play and was downloaded more than 10 times, according to the app's page on the official Android app store. Lookout's report includes a screenshot of that page.

In the past few years, North Korean hackers have become known for their brazen crypto heists, such as the recent theft of about $1.4 billion in Ethereum from a crypto exchange, which serve to fund the country's banned nuclear weapons program. In the case of this new spyware campaign, however, all signs point to a surveillance operation, which is how Lookout characterizes the spyware apps.

A screenshot of an archived version of the Google Play Store page for the file manager app that, according to Lookout, was actually North Korean spyware. (Image: Lookout)

The targets of North Korea's spyware campaign are not known, but Christoph Hebeisen, Lookout's director of security intelligence research, told TechCrunch that, given the small number of downloads, the spyware app was probably targeting specific people.

According to Lookout, KoSpy collects "an extensive amount of sensitive information," including SMS text messages, call logs, device location data, files and folders on the device, user-entered keystrokes, Wi-Fi network details, and the list of installed applications.

KoSpy can also record audio, take pictures with the phone's cameras, and capture screenshots of the screen while it is in use.

Lookout also found that KoSpy relied on Firestore, a cloud database built on Google Cloud infrastructure, to retrieve its "primary configurations."

Google spokesperson Ed Fernandez told TechCrunch that Lookout shared its report with the company and that "all of the identified apps have been removed from Play [and] Firebase projects associated with the KoSpy samples on Google Play have been disabled."

"Google Play automatically protects users from known versions of this malware on Android devices with Google Play Services," Fernandez said.

Google did not comment on a series of specific questions, including whether it agreed with Lookout's attribution of the campaign to North Korea and other details about the report.


The report also states that Lookout found some of the spyware apps on the third-party app store APKPure. An APKPure spokesperson said the company had not received "any email" from Lookout.

The person or people in control of the email address listed on the Google Play page hosting the spyware app did not respond to TechCrunch's request for comment.

Lookout's Hebeisen and Alemdar Islamoglu, a senior staff security intelligence researcher, told TechCrunch that they have no information about who in particular may have been targeted, or successfully hacked, but that it was probably a very targeted campaign aimed at people in South Korea, most likely Korean speakers.

Lookout's assessment is based on the names of the apps it found, some of which are in Korean, and on the fact that some of the apps have Korean-language titles and user interfaces that support both languages.

Lookout also found that the spyware apps used domain names and IP addresses that had previously been flagged as malware and command-and-control infrastructure used by the North Korean government hacking groups APT37 and APT43.

"What is interesting about the North Korean threat actors is that they are, seemingly, somewhat successful at getting apps into the official app store," said Hebeisen.
