Lazarus Cybercrime Group Moves to Mobile Platform
When it comes to describing cyberattacks, the word sophisticated is used a lot. Whether to explain yet another “advanced” campaign by a threat actor group hoping to steal information or disrupt computer systems, it seems the precursor to any analysis is to call it sophisticated. Yet the modus operandi for many of these groups is to begin an attack with a simple email, which for some time has been one of the most effective malware delivery mechanisms.
The McAfee Mobile Research team has identified a new threat—Android malware that poses as a legitimate app available from Google Play and targets South Korean users—that suggests a deviation from the traditional playbook. An analysis of campaign code, infrastructure, and tactics and procedures suggests the Lazarus group is responsible, as they evolve their attack tactics to now operate within the mobile platform. And although the debate regarding attribution of attacks will always rage, documenting evolving tactics by threat actor groups allows organizations and consumers to adapt their defenses accordingly.
Evolving Attack Tactics
Leveraging email as the entry vector allows attackers to be very specific about whom they wish to target, an approach often described as spear phishing. Developing a malicious application does not provide the same level of granularity. However, in this instance the attackers developed malware that poses as a legitimate APK, advertising itself as a means for reading the Bible in Korean. Leveraging the mobile platform as the attack vector is potentially significant—particularly as South Korea has a significant mobile population that is “in a race to be first with 5G,” according to a Forbes article. Typically when a mobile platform is mentioned, we think about our mobile phones. However, in this case, we know South Korea has an increasing use of tablets, replacing traditional laptops. How well secured are tablets and how are they monitored?
Attacks are likely to continue evolving onto the mobile platform, and this appears to be the first example of the Lazarus group using mobile. Such a change, therefore, is significant, demonstrating that criminals are keeping up with platform popularity. Indeed, according to the International Telecommunication Union, the number of mobile subscriptions worldwide now exceeds the global population, which suggests that such a tactic is only likely to increase as our dependency on mobile platforms grows.
Source: International Telecommunication Union.
Keeping Safe
Understanding the evolving tactics of nefarious actors is imperative. It is critical that we adopt simple security measures to counter these new tactics. This malware is detected as “Android/Backdoor” by McAfee Mobile Security. Always keep your mobile security application updated to the latest version. And never install applications from unverified sources.
The post Lazarus Cybercrime Group Moves to Mobile Platform appeared first on McAfee Blogs.
