North Korea-linked hackers targeted defectors with Android spyware
The campaign, nicknamed RedDawn, isn’t Sun Team’s first. McAfee spotted another initiative in January. That effort, however, required downloads outside of Google Play — the would-be victims had to go out of their way to download the apps. This tactic might have been more convincing when many users explicitly trust Google Play and its anti-malware screening.
It’s not completely certain that North Korea’s government is behind RedDawn. McAfee told Ars Technica that it believed Sun Team was distinct from the state-backed Lazarus group that has been launching attacks for years. It’s also unclear that the campaign was successful given that there are no publicly known infections. The targets and the purely spying-oriented nature of the code make North Korea’s regime a strong candidate, though. And whoever’s responsible, this is more than a little concerning. It suggests that you’re not safe from politically motivated malware attacks even if you limit your app downloads to official stores.