Slashdot Mirror


RedDawn Android Malware Is Harvesting Personal Data of North Korean Defectors (theinquirer.net)

According to security company McAfee, North Korea uploaded three spying apps to the Google Play Store in January that contained hidden functions designed to steal personal photos, contact lists, text messages, and device information from the phones they were installed on. "Two of the apps purported to be security utilities, while a third provided information about food ingredients," reports The Inquirer. All three of the apps were part of a campaign dubbed "RedDawn" and targeted primarily North Korean defectors. From the report: The apps were promoted to particular targets via Facebook, McAfee claims. However, it adds that the malware was not the work of the well-known Lazarus Group, but another North Korean hacking outfit that has been dubbed Sun Team. The apps were called Food Ingredients Info, Fast AppLock and AppLockFree. "Food Ingredients Info and Fast AppLock secretly steal device information and receive commands and additional executable (.dex) files from a cloud control server. We believe that these apps are multi-staged, with several components."

"AppLockFree is part of the reconnaissance stage, we believe, setting the foundation for the next stage unlike the other two apps. The malwares were spread to friends, asking them to install the apps and offer feedback via a Facebook account with a fake profile promoted Food Ingredients Info," according to McAfee security researcher Jaewon Min. "After infecting a device, the malware uses Dropbox and Yandex to upload data and issue commands, including additional plug-in dex files; this is a similar tactic to earlier Sun Team attacks. From these cloud storage sites, we found information logs from the same test Android devices that Sun Team used for the malware campaign we reported in January. The logs had a similar format and used the same abbreviations for fields as in other Sun Team logs. Furthermore, the email addresses of the new malware's developer are identical to the earlier email addresses associated with the Sun Team."
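The pattern the report describes, an app that pulls additional executable .dex files from consumer cloud storage at runtime, is something a defender can triage for statically. The script below is an added example written for this page, not McAfee's tooling or anything from the report: it unzips an APK, looks inside every classes*.dex for references to Android's runtime class-loader classes together with Dropbox or Yandex host names, and flags the combination. The indicator lists, the host-name regex and the two sample "APKs" built in memory are constructed assumptions for illustration; a hit means the sample deserves a closer look, not that it is malicious.

```python
"""
Heuristic static triage of an Android APK for the multi-stage loader pattern:
runtime dex loading plus references to consumer cloud-storage services.
Added example, not code from the report or from McAfee.  Indicator lists are
illustrative assumptions, not a complete signature.
"""
import io
import re
import zipfile

# Descriptor strings a dex file contains when code references these classes.
# DexClassLoader, PathClassLoader and InMemoryDexClassLoader are real Android
# classes; choosing these three as "worth flagging" is an assumption.
DYNAMIC_LOADERS = (
    b"Ldalvik/system/DexClassLoader;",
    b"Ldalvik/system/PathClassLoader;",
    b"Ldalvik/system/InMemoryDexClassLoader;",
)

# Host names of the two services named in the report (constructed regex).
CLOUD_HOSTS = re.compile(
    rb"(?:[\w.-]+\.)?(dropbox(?:api)?\.com|yandex\.(?:ru|com))", re.I
)


def dex_members(apk_bytes):
    """Yield (name, data) for every classes*.dex entry inside the APK zip."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        for info in zf.infolist():
            if re.fullmatch(r"classes\d*\.dex", info.filename):
                yield info.filename, zf.read(info)


def triage_apk(apk_bytes):
    """Return the indicators found; 'suspicious' is True only when both
    families appear together, which is the combination the report describes."""
    loaders, hosts = set(), set()
    for _name, data in dex_members(apk_bytes):
        for ref in DYNAMIC_LOADERS:
            if ref in data:
                loaders.add(ref.decode())
        for match in CLOUD_HOSTS.finditer(data):
            hosts.add(match.group(0).decode().lower())
    return {
        "dynamic_loaders": sorted(loaders),
        "cloud_hosts": sorted(hosts),
        "suspicious": bool(loaders) and bool(hosts),
    }


def build_sample_apk(strings):
    """Construct a minimal zip shaped like an APK whose classes.dex is just
    the given strings joined by NUL bytes.  A real dex has a binary header,
    but the heuristic only inspects byte substrings, so this stands in."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AndroidManifest.xml", b"<manifest/>")
        zf.writestr("classes.dex", b"\x00".join(strings))
    return buf.getvalue()


# Constructed samples: one showing the pattern, one plain utility app.
SUSPECT = build_sample_apk([
    b"Ldalvik/system/DexClassLoader;",
    b"https://content.dropboxapi.com/2/files/download",
    b"plugin.dex",
])
BENIGN = build_sample_apk([
    b"Landroid/app/Activity;",
    b"https://example.com/api/ingredients",
])

if __name__ == "__main__":
    for label, apk in (("suspect", SUSPECT), ("benign", BENIGN)):
        print(label, triage_apk(apk))
```

Run against a real APK by passing its bytes to `triage_apk`. The check deliberately requires both indicator families: plenty of legitimate apps use a class loader or talk to Dropbox, and it is the pairing, plus what the loaded code does, that warrants a manual look.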

21 comments

  1. "harvest" by Anonymous Coward · · Score: 0

    That term is thrown around way too much

  2. How is this possible? by 110010001000 · · Score: 0

    I don't understand. Why doesn't AI find programs that contain this behavior and remove them from the app store?

    1. Re:How is this possible? by Narcocide · · Score: 1

      Because there's no such thing as A.I., like you're thinking of it. Not in real life, anyway. There's some theoretical stuff that could work one day, but what companies like Amazon and Google are marketing as "A.I." right now aren't fundamentally more intelligent than a 1980s-era chess machine. All that has changed since then is how big of a state tree computers can hold at once, and how fast they can traverse it.

    2. Re:How is this possible? by Anonymous Coward · · Score: 0

      I don't understand. Why doesn't AI find programs that contain this behavior and remove them from the app store?

      It should be possible to submit a buildable project to the app store, and then automatically check that project for obvious obfuscation. Application developers could agree to review other people's applications under an NDA to get the same done to their own. I'd assume you'd need to review quite a few for every one of your own that were reviewed to have some additional resistance against people not doing their jobs. (People caught not bothering to check their assigned code could be banned from the store, just like people who submit malicious code, or who are caught using other people's code.)

      A score could then be established based on the reputation of the developer and the reputation of the reviewers. You might even be able to pay some to get skilled reviewers to cover it. This score could be used to help rank results and filter out crap.

      As far as AI goes, I'm just not buying an AI is going to stay one step ahead in this particular game.

    3. Re:How is this possible? by AHuxley · · Score: 1

      That would block ads and detract from the look and feel of the OS for investors.
      Consumers are the product and their data is the profit.

      --
      Domestic spying is now "Benign Information Gathering"

    4. Re:How is this possible? by Anonymous Coward · · Score: 0

      Al? From Quantum Leap? Isn't that kind of mission creep on his part?

    5. Re:How is this possible? by 110010001000 · · Score: 1

      Say what? I heard AI was real.

    6. Re:How is this possible? by SeaFox · · Score: 1

      Say what? I heard AI was real.

      You were probably at a VC funding event of some sort.

    7. Re:How is this possible? by Narcocide · · Score: 1

      What you're hearing is wishful thinking from people who have just started to notice we have really fast computers now. Computers that are fast enough that they can meaningfully crunch ridiculous amounts of data like that within a short enough time frame to be useful. Then of course a bunch of advertisers figured out how to do evil with it. But it's not magic, it's just basically statistics on steroids, mixed with some evolutionary learning algorithms.

  3. Never give in, e'en in the face of apocalypse... by Impy+the+Impiuos+Imp · · Score: 1

    It's just fucking metadata! Who cares if North Korea knows who is in the defectors' contact networks as long as they don't know the content of the calls!!!

    Fuck the US for ever and ever, trading a prosaic crime conviction notch on the belt of an investigator for hundreds of millions continuing to live with a boot on their face, forever.

    --
    (-1: Post disagrees with my already-settled worldview) is not a valid mod option.

  4. Re:Never give in, e'en in the face of apocalypse.. by Impy+the+Impiuos+Imp · · Score: 1

    Are you, dear reader, a US CIA or other agent, reading the sense of The People for your job? You are the problem, arguing for metadata when King George 250 years ago would have used metadata to round up all the Founding Fathers.

    Congratulations, you Tool of Tyranny.

    --
    (-1: Post disagrees with my already-settled worldview) is not a valid mod option.

  5. How are the android devices infected? by Anonymous Coward · · Score: 0

    do they hand out android phones to defectors as they go?

  6. Re:Never give in, e'en in the face of apocalypse.. by AHuxley · · Score: 1

    The thinking would be that a North Korean would be many generations behind in food, language use and culture.
    Step-by-step cooking and lifestyle apps that presented Korean food, way of life and language use in an easy-to-follow way would be a way for a defector to study and discover in their own time.
    The words used would be telling for any Korean app search terms. Vocabulary, jargon, slang, international words, fashion, brands would allow per app per user filtering.
    The Korean terms to cook French food would be different from a more simple Korean search request on how to cook.
    Not apps listed for people new to Korea learning Korean with another language listed. Korean apps about life in South Korea in Korean as bait.
    South Koreans would on average not need apps like that as they would have been educated within that culture, had the food prepared for them, be looking for a restaurant.
    A South Korean might want to show their French, German, Japanese, American food skills and buy into more international and advanced food, lifestyle apps.
    A South Korean could want an app about expensive international car brands. A North Korean on a limited budget now in South Korea could be more interested in their first app for a first South Korean car.
    The tracking then gives North Korea a location to study. A home to watch for defector support services and contractors. Doctors, lawyers, South Korean mil, gov, academics with decades of questions and visits.
    Track the few approved gov/mil visitors and find more defectors.
    Track the defector to a "secret" gov/mil support building and track everyone in and out. A lot of other defectors and all the people who are cleared to work with defectors.
    It's all about movement and location of everyone working with defectors. It's not a long list as the CIA and South Koreans are very protective due to past human spying efforts. Find the short list of approved support staff in South Korea and track them all. One defector trusting one app can uncover a lot of South Korean gov/mil support networks and other defectors.

    The easy way for South Korea to prevent that would be to give defectors lots of printed books on every aspect of South Korea culture.
    No lifestyle app networks to follow back. But it's digital and that's so new and fun.

    North Korea is doing what the CIA, NSA, FBI, MI5/6, DEA, AFT does with gov created advanced study guides on software, apps, ebooks on topics within their areas of interest.
    Create the perfect ebook, app topic, blog and see who buys, downloads.

    --
    Domestic spying is now "Benign Information Gathering"

  7. The Ad by dohzer · · Score: 1

    "Hey, are you a North Korean defector? Download this hip new app!"

    1. Re: The Ad by Anonymous Coward · · Score: 0

      I wouldn't doubt that there is a market focused on North Koreans in South Korea.

  8. Re:Never give in, e'en in the face of apocalypse.. by Anonymous Coward · · Score: 0

    It's just fucking metadata! Who cares if North Korea knows who is in the defectors' contact networks as long as they don't know the content of the calls!!!

    I think any North Korean who found themselves in a defector's contact network would care immensely. The regime hasn't exactly been withholding in punishing entire families for the perceived counter-revolutionary mishaps of a single individual. Mere suspicion of dissent is enough to land you in hot water in NK.

  9. Gee, I think I know who authored that. by Anonymous Coward · · Score: 0

    The Kim regime is afraid of a flood of defectors and will resort to any form of intimidation to silence them and frighten others from fleeing NK if they're unable to imprison and kill them. These criminal regimes need to be eradicated.

  10. What's wrong exactly? by Anonymous Coward · · Score: 0

    I've read the whole blurb, but not the articles of course, and I'm left wondering why this behavior is wrong, or rather how it differs from what "legitimate" apps actually do. If these apps get banned, maybe they should stop downloading .dex files, whatever they are, and download JavaScript instead like everyone else, or use the Google store to download updates. Then, demand that the apps be reinstated.
    I was intending this as sarcasm but... Is there much of a difference? Was North Korea greedy, or out of the loop, and should have realized they should have published legitimate, regular apps to achieve their goals?

  11. Re: Never give in, e'en in the face of apocalypse. by Anonymous Coward · · Score: 0

    Were the founding fothers related to the founding fathers?

  12. No that's not true. by i286NiNJA · · Score: 1

    Well, considering that random forest wasn't even invented until 1995, you're wrong.
    That aside deep neural networks have moved from academia and into commercial production use where they're discovering new applications all the time and they're not even distantly related to game-trees.