Malicious Android app promises to download the movie
Users in South Korea are currently lured with an Android app claiming to download “The Interview” comedy on their mobile devices in order to have their devices infected with banking malware.
All the online frenzy surrounding the release of the movie was quickly taken advantage of by cybercriminals to trick users into getting their devices compromised. And what better audience would there be for this if not South Koreans?
Citi Bank is also targeted by the Trojan
It appears that the Trojan is hosted on Amazon Web Services and it is delivered via a torrent file. The campaign has been discovered by McAfee researchers in cooperation with the Technische Universität Darmstadt and the Centre for Advanced Security Research Darmstadt (CASED), security blogger Graham Cluley
reports.
Detected as Android/Badaccents by products from McAfee, the malware targets Korean banks, as well as Citi Bank. Cluley says that the researchers have discovered that the Trojan is selective about its victims and avoids infection of devices sold in North Korea.
This is achieved by verifying the device manufacturer information. If Samjiyon or Arirang are detected, then Badaccents informs the user that a connection to the server could not be established and the download of the movie cannot be completed.
North Koreans are not infected
Information from McAfee reveals that about 20,000 infections have been recorded and that the data exfiltrated from the devices is uploaded to an email server in China.
According to the researchers, users from North Korea are avoided not because of political reasons, but because they are unlikely to be customers of the targeted banks.
Amazon has been notified of the malware hosting issue; but other online storage services could be used for carrying out the campaign.
Generally, cybercriminals infect mobile devices by uploading malicious apps to third-party Android marketplaces that are not properly curated, if at all, by their administrators.
However, in this case, they chose to deliver the Trojan through torrent websites, probably because “The Interview” is already at the top of search results in these locations.
South Korean’s interest in the comedy is understandable, since the movie is about the fictional assassination of the North Korean leader, Kim Jong-un.
After initially cancelling the release of the picture,
Sony decided to deliver it, first via the online services from Google (Play and YouTube) and Microsoft (Xbox Video) on December 24, and then in cinemas, on Christmas Day.
Fans can now rent it for $5.99 / €4.90 or they can purchase a digital version for $14.99 / €12.30; or they can watch it in theaters across the United States.
Comments
Post a Comment