Graham Cluley’s computer security website reports that a Korean Android app claiming to offer a download of the movie “The Interview” is actually infecting smartphones with malware that steals banking information, according to analysis by researchers at McAfee. If you are looking for a free version of the film, think twice before downloading this app. www.grahamcluley.com

Following the devastating hack upon its computer systems by a hacking group which might (or might not) have the blessing and backing of North Korea, Sony Pictures flip-flopped as to whether the Seth Rogen comedy about the assassination of Kim Jong-un would have a Christmas Day release.

Eventually, the movie had a limited Christmas Day release in the States, much wider online availability for US internet users via sites like YouTube, and an even wider still copyright-infringing distribution via torrent sites.

But the computer security story surrounding “The Interview” doesn’t end there.

Fake Android Interview App

Researchers at McAfee, in a joint investigation with the Technische Universität Darmstadt and the Centre for Advanced Security Research Darmstadt (CASED), have identified a threat campaign that has been active in South Korea in the last few days, attempting to exploit the media frenzy surrounding the release of “The Interview”.

McAfee security expert Irfan Asrar tells me that a torrent making the rounds in South Korea poses as an Android app to download the movie to mobile devices.

However, in truth, it contains an Android Trojan detected by McAfee products as Android/Badaccents.

Android/Badaccents claims to download a copy of “The Interview” but instead installs a two-stage banking Trojan onto victims’ devices.

The banking Trojan, which was hosted on Amazon Web Services, targets customers of a number of Korean banks, as well as one international bank (Citi Bank).

One aspect which will probably raise eyebrows is that the malware code includes a routine to check the device’s manufacturing information. If it is set to either 삼지연 (Samjiyon) or 아리랑 (Arirang), smartphone manufacturers whose Android devices are sold in North Korea, the malware will not infect the device, and instead displays a message that an attempt to connect to the server failed.
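
The manufacturer check described above leaves two distinctive strings in the app, which gives defenders something to triage on. The following is an added example, not code from McAfee or from the original article: a static scan of an APK's `classes*.dex` files for the two manufacturer names. It assumes the check reads `android.os.Build.MANUFACTURER` and that the strings are stored unobfuscated; the sample APKs are constructed in memory.

```python
import io
import zipfile

# Manufacturer strings named in the article. Hangul is in the BMP, so it is
# encoded identically in UTF-8 and in the MUTF-8 used by the DEX string table.
REGION_MARKERS = {"Samjiyon": "삼지연", "Arirang": "아리랑"}
# Assumption: the routine reads android.os.Build.MANUFACTURER.
BUILD_TYPE = b"Landroid/os/Build;"
BUILD_FIELD = b"MANUFACTURER"

def triage_apk(apk_bytes):
    """Return one finding per classes*.dex that holds a marker string."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for name in sorted(apk.namelist()):
            if not (name.startswith("classes") and name.endswith(".dex")):
                continue
            data = apk.read(name)
            markers = [label for label, text in REGION_MARKERS.items()
                       if text.encode("utf-8") in data]
            if not markers:
                continue
            reads_build = BUILD_TYPE in data and BUILD_FIELD in data
            findings.append({
                "dex": name,
                "markers": markers,
                "reads_build_manufacturer": reads_build,
                # Both names plus a Build read matches the described routine.
                "high_confidence": reads_build and len(markers) == len(REGION_MARKERS),
            })
    return findings

def constructed_apk(dex_payloads):
    """Build an in-memory zip standing in for an APK (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, payload in dex_payloads.items():
            z.writestr(name, payload)
    return buf.getvalue()

# Constructed samples: not real DEX files, only byte strings carrying the markers.
SUSPECT = constructed_apk({
    "classes.dex": b"dex\n035\x00" + BUILD_TYPE + b"\x00" + BUILD_FIELD + b"\x00"
                   + "삼지연".encode("utf-8") + b"\x00" + "아리랑".encode("utf-8"),
})
BENIGN = constructed_apk({"classes.dex": b"dex\n035\x00" + BUILD_TYPE + b"\x00"})

if __name__ == "__main__":
    print(triage_apk(SUSPECT), triage_apk(BENIGN))
```

A hit is a lead for manual review rather than a verdict, and a sample that encrypts or builds its strings at run time will not match.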