Skip to main content

The Google Play store hosted malware meant to steal from North Korean defectors

McAfee researchers have discovered that hackers with links to the North Korean regime managed to make Google complicit in stealing information from defectors from the nation. As per a recently published blog post, the Google Play store has apparently been playing host to at least three apps designed to collect data from specific individuals. Two of these apps were posing as security apps, while the third claimed to provide food ingredient information. But what they really did was steal information from devices and receive certain code that allowed them to further access data like photos, contact lists, and even text messages.

In most instances, McAfee found the apps were generally sent to select users, generally by contacting them via Facebook. By the time McAfee privately notified Google as to the existence of these apps, 100 folks had already downloaded them, and the apps had been live in the Google Play store for three months — from January to March. Alas, this highlights the shortcomings of Google’s filters that are intended to keep out malware.

Recommended Videos

The alleged actor behind these apps doesn’t appear to be a new player in the hacking scene. Back in January, McAfee noted that it had found malicious apps intended to infect North Korean journalists and defectors’ devices. The group behind these apps was subsequently named Sun Team, and is apparently the same group behind these latest apps.

At the very least, the apps were all linked to the same developer email address. Moreover, McAfee found that the words used in the control servers were common in North Korea, but not South Korea. There was also a North Korean IP address discovered in a test log file of some Android devices connected to account used to send out the malware. This has led researchers to believe that the attacks are based in the isolated nation.

“These features are strong evidence that the actors behind these campaigns are not native South Koreans but are familiar with the culture and language,” McAfee researchers wrote. “These elements are suggestive, though not a confirmation, of the nationality of the actors behind these malware campaigns.”

Lulu Chang
Former Digital Trends Contributor
Fascinated by the effects of technology on human interaction, Lulu believes that if her parents can use your new app…
Google Play improves privacy, payments, and subscriptions 
Person holding Samsung Galaxy smartphone showing Google Play Store.

Google is introducing several new features that will help game and app developers to engage and grow their audience while further improving privacy and security.

At this year’s Google I/O conference, the Google Play team is focusing on new initiatives to create an even safer app ecosystem for users and developers alike while also adding new tools for developers. These include new custom store listing options, increased flexibility in pricing models for in-app subscriptions, and more. The Google Play team outlined these new initiatives during its What’s New in Google Play session at Google I/O 2022.

Read more
Google faces lawsuit over controversial Play Store change
Google Play Store on the OnePlus Nord 2.

Google has started requiring all Android apps sold in the Play Store that use in-app payments to use Google's Play Store billing system and nothing else -- or leave the store. This hasn't gone down well with the Match Group, creator of dating services including Tinder and the eponymous Match. The company is now suing Google over monopolistic and anti-competitive actions, alleging irreparable harm to Match's business and calling the move to remove its app a "death knell threat" to their business.

Google had previously allowed Match's apps, including Tinder, to opt out of using the Play Store's billing system, but the company has changed its mind in recent months. Rather, it will be requiring all apps in the Play Store which support in-app Payments to use Google's Play billing system without the option of a third-party payments processor. This will exclude apps that sell physical goods like Uber Eats and Amazon, but ensnare those which sell digital goods like Amazon's Audible and Kindle apps. For Match, which had previously been allowed to run its own payment system side-by-side with Google's, the move comes as a slap in the face.

Read more
Google Play Store helps find the apps invading your privacy
Instagram app on the Google Play Store on an Android smartphone.

Google has implemented a feature that requires app makers to disclose what data their apps are taking from users. Starting today, Android users will be able to see specific information about their apps' data collection through the Google Play Store. The data is accessible in the Play Store via the "Data Safety" tab listed in the information section for all apps.

With Google's announcement that the feature's rollout is live, the company notes that not all apps will be showing what privacy data they collect immediately. App makers have until July 20, 2022, to provide the Play Store with privacy information, making the feature something of a gradual rollout. It's likely that apps that take more types of data (like social media apps) will take longer to post the required info due to the sheer number of data points they collect when compared to something simpler such as an offline game.

Read more