SEOUL, Dec. 1 (Korea Bizwire) – Malicious code found in an Android bible app has been linked to a North Korean hacker group.
A hacker group thought to be from North Korea has reportedly planted malicious code in modified versions of the Android bible reading app ‘Godpeople’ which has been downloaded through an illegal app market.
According to security industry sources on Friday, a backdoor embedded in the copy version of the popular bible app ‘Godpeople’, which is available on the Google Play Store, was found by cybersecurity firms McAfee and Palo Alto Networks last month.
Once installed, the modified app is feared to give hackers power to remotely take control of smartphones, making the phone essentially a ‘zombie phone’, leading to various problems including personal information theft, location tracking and wiretapping.
The original app, however, is back on the Google Play Store, after the app’s developer pulled it for a week to conduct security tests.
According to data from security firms, no malicious code was found in the official app – which has been downloaded over 110,000 times – available via the legitimate Android app store.
Similar patterns were found between the malicious code found in the modified app and previous malicious code targeting PCs that was reportedly the work of Lazarus, which, according to McAfee, is a hacking group that has been linked to North Korea in the past.
It’s the first time Lazarus has been linked to malicious code for a mobile app.
The hacker group with possible ties to North Korea launched cyber attacks against the South Korean government between 2009 and 2012, as well as the infamous Sony Pictures hack in 2014.
In 2015, a number of banks in Vietnam, Poland, Mexico, and Taiwan were targeted by the group, while industry sources speculated Lazarus was behind the WannaCry ransomware attack in May.
It’s worth noting, however, that hacker groups often leave false information to erase traces, so the link between Lazarus and North Korea has yet to be proven conclusively.
Following the reports of malicious code, Godpeople issued announcements on its official website, urging users to be aware of illegal version of the app on the black market.
Hyunsu Yim (firstname.lastname@example.org)