A North Korea-linked hacking organization known as the Lazarus Group, the culprits behind the Sony Pictures hack in 2014, has begun targeting mobile phones.
“[Two weeks ago], the mobile team came to my team with malware targeting South Korea,” McAfee Lead Scientist and Principal Engineer Christiaan Beek told The Hill. “It contained artifacts we had seen before.”
The malware is embedded in a tainted version of a Korean-language Bible study app. The legitimate version of the app from the Google Play store has been downloaded 1,300 times. Users are victimized when they accidentally download the fake, virus-laden version of the app.
Lazarus Group is best known in the United States for catastrophically interrupting business at Sony Pictures in response to “The Interview,” a controversial comedy depicting the assassination of North Korean leader Kim Jong Un.
The group has attacked South Korean government systems and, since 2015, committed a series of digital bank robberies, stealing hundreds of millions of dollars. The hackers were responsible for this year’s WannaCry malware outbreak, which hit international businesses and government networks, including hospitals throughout the United Kingdom.
Beek said the malware shares attributes with past desktop malware manufactured by Lazarus, including a “proprietary, fake version of the Transport Layer Security protocol, and the use of the same command and control servers the group has previously used,” according to The Hill.
He added that the intention of the malware was not immediately clear, theorizing it may have been intended as a “trial flare” for mobile-specific attacks. The malware is detailed in a Monday report released by McAfee.
While the report links the attacks to Lazarus, it does not explicitly link Lazarus to North Korea. However, several Lazarus attacks, including the Sony and WannaCry attacks, have been linked to North Korea by U.S. and British intelligence.