A mischievous band of hackers is using the spirit of Christ to infect unsuspecting users. Researchers have discovered new malware which poses as a legitimate Google Play app for reading the Bible in Korean, but ultimately turns infected Android phones into a botnet.
The malicious app was discovered independently by both McAfee and Palo Alto Networks. Curiously, both companies remark that, given the similarities in the code, the malware was likely developed by members of the Lazarus cybercrime group.
The McAfee team notes that the app “contains a backdoor file in the executable and linkable format (ELF)” – a technique commonly employed by the Lazarus Group.
The malware has been disguised as a legitimate Android app appearing on Google Play, but it remains unclear whether the infection ever made it to Google’s software distribution platform. McAfee says the app was never available on the Play Store, while Palo Alto Networks insists the opposite.
The legitimate app was downloaded over 1,300 times, according to McAfee. It’s not clear how many users have installed the malware on their handsets, though.
Once the malicious application package (APK) installs its code, it executes backdoor ELF and – assuming the attack is successful – proceeds to turn the device into a bot.
According to Palo Alto Networks, the malware primarily targets Korean users with Samsung handsets. McAfee, on the other hand, points out that, while it remains unclear whether this is the first time Lazarus has targeted mobile devices, it sure seems the group is “now operating in the mobile world.”
So in case your phone starts acting erroneous after your latest Bible reading session in Korean, don’t immediately take it as a sign of God – it’s probably a hacker.
[H/T Lukas Stefanko]