
This article was published on November 21, 2017

Korean Bible reading app turns your Android phone into a botnet

Story by Mix, Former TNW Writer

Mix is a tech writer based in Amsterdam that loves cinema and probably hates the movies that you like. Tell him everything you despise about his work on Twitter.

A mischievous band of hackers is using the spirit of Christ to infect unsuspecting users. Researchers have discovered new malware which poses as a legitimate Google Play app for reading the Bible in Korean, but ultimately turns infected Android phones into a botnet.

The malicious app was discovered independently by both McAfee and Palo Alto Networks. Curiously, both companies remark that, given the similarities in the code, the malware was likely developed by members of the Lazarus cybercrime group.

The McAfee team notes that the app “contains a backdoor file in the executable and linkable format (ELF)” – a technique commonly employed by the Lazarus Group.

The malware has been disguised as a legitimate Android app appearing on Google Play, but it remains unclear whether the infection ever made it to Google’s software distribution platform. McAfee says the app was never available on the Play Store, while Palo Alto Networks insists the opposite.

The legitimate app was downloaded over 1,300 times, according to McAfee. It’s not clear how many users have installed the malware on their handsets, though.

Once the malicious application package (APK) installs its code, it executes the backdoor ELF and – assuming the attack is successful – proceeds to turn the device into a bot.

According to Palo Alto Networks, the malware primarily targets Korean users with Samsung handsets. McAfee, on the other hand, points out that, while it remains unclear whether this is the first time Lazarus has targeted mobile devices, it sure seems the group is “now operating in the mobile world.”

So in case your phone starts acting erratically after your latest Bible reading session in Korean, don’t immediately take it as a sign of God – it’s probably a hacker.

[H/T Lukas Stefanko]