Despite the strict filtering Google applies to the Play Store, plenty of malware still gets through, which is not unusual. Many attackers abuse device permissions and other details to steal private information and even sell it. According to a recent report from McAfee, however, some North Korean hackers are using Android apps to track people who have left North Korea. These apps are designed to get onto defectors' devices, steal information and send it to servers of unknown origin or purpose. This puts not just defectors but almost every Android user in danger.
Of the many apps discovered by McAfee, two posed as security apps, a disguise that makes an Android user more likely to install them. Once installed on the device, the app, which already has sufficient permissions, runs executable code to gather personal information, device data, personal photos and more. Notably, the defectors would not know that their security is at stake. The malware uses services like Dropbox and Yandex to transfer data and receive commands. The attackers use platforms like Facebook to find defectors and target them.
This is not the first time North Korean attackers have used Google Play Store to launch malicious apps that can track defectors and others. This move is part of a bigger project named RedDawn, which aims to track down specific people. Note that most of the malicious apps are still ‘Unreleased’, which means that users are trying out the beta version. In light of what McAfee has reported, it is not wise to blindly trust the anti-malware screening imposed by Google. Instead, users have to do some digging to learn about an app's developer and purpose.