It’s not uncommon for malware-ridden apps to make their way to the Play Store. The people behind them either want to scam users or just push less-than-desirable ads to make a quick buck. Their motives aren’t as sinister as those of a North Korean group of hackers. McAfee researchers found that a North Korean hacking group nicknamed Sun Team recently posted three infected Android apps to the Play Store in a bid to target those who have defected from North Korea.
The infected apps remained on the Play Store for three months and were only removed after Google was notified about them privately. They had about 100 downloads before they were removed.
The report adds that the hackers then reached out to the defectors over Facebook to try to get them to install the seemingly harmless apps, which were related to food and security. Once installed, the apps would lift data such as text messages, photos, and contacts and send it back to the hackers using Dropbox and Yandex.
McAfee believes that Sun Team is different from another North Korean hacker group known as Lazarus. That group is believed to have the state’s backing, while it’s unclear if Sun Team has the same level of support.