ICC Note: A North Korean hacker group called Lazarus created an Android malware app called “The Bible” which could be used to target the GodPeople organization, a group that is sympathetic to Christians in North Korea and has helped produce a movie about the underground church in the country. The scope of this malware’s capabilities is still unclear, but the McAfee researchers believe that many commands are related to downloading and browsing of files. The North Korean regime is known to be extremely hostile towards Christians and foreign Christian organizations. This example shows that North Korea is ready to use technology to spy on foreign organizations that want to help persecuted Christians in North Korea.
11/21/2017 North Korea (International Business Times) – The North Korean hacker group Lazarus appears to have upped its game in going after targets. Security experts believe that the state-backed hackers have created an Android malware to hack into their targets’ phones. Researchers suspect that this time, the hackers are targeting their rival South Korea.
The Lazarus hackers designed a backdoor malware that poses as a legitimate app – The Bible – which is an app that translates the holy book into Korean. According to researchers at McAfee, who discovered the malware, this is likely the first known instance of the North Korean hackers using an Android malware to target mobile users.
McAfee researchers said the “code, infrastructure and tactics” suggest that the Lazarus group is “responsible” for the attack and that the move to mobile indicates that the hackers are evolving their tactics. The malware likely first appeared in the wild in March and has so far had a limited distribution, only targeting Koreans. The scope of the Lazarus-created backdoor malware’s capabilities is still unclear.
“Once the attackers have the backdoor installed, a variety of actions can be taken on the compromised device to keep it active for a longer period of time. Many of the commands in the backdoor are related to uploading, downloading and browsing of files,” Raj Samani, chief scientist at McAfee, said, Dark Reading reported.
Who are GodPeople and why is Lazarus going after the organisation?
According to McAfee researchers, the hackers are likely going after the GodPeople organisation because the group has “a history of supporting religious groups in North Korea”.
“GodPeople is sympathetic to individuals from North Korea, helping to produce a movie about underground church groups in the North. Previous dealings with the Korean Information Security Agency on discoveries in the Korean peninsula have shown that religious groups are often the target of such activities in Korea,” McAfee researchers said in a blog.
According to a report by Forbes last year, Pyongyang has a deep-seated intolerance for any religion, and North Korean citizens found following any religion – be it Buddhism or Christianity – are sent to “political prisons” where they face torture, rape, abuse, enslavement and more. This could explain why Pyongyang’s hackers may be going after GodPeople.