It has been more than a month since the epic hack on Sony Pictures, and one thing Sony has gained from it is publicity and marketing for its movie "The Interview", a comedy about the assassination of North Korean President Kim Jong-Un.
It has been reported that one of the motives of the hack was to stop the release of this movie. That motive spurred curiosity, and people wanted to see the movie despite threats by the hackers. To cut the story short, Sony decided to release the movie on December 24, 2014.
Following the release of the movie, cybercriminals took advantage of it by releasing an Android application that poses as a streaming app for the movie.
The app has nothing special such as autostart, receivers or services. It has just one activity, which downloads another APK file hosted in AWS.
It downloads from the following shortened URLs and saves the file on the sdcard as "test.apk".
- http://f.cl.ly/items/132B2E2f0t46241d3s06/결혼청첩.apk
- http://f.cl.ly/items/1h1i2C2M1M2P1r0l2M3u/청첩장.apk
McAfee has reported that the downloaded apps are banking trojans.
However, during our testing, the downloaded APK files seemed to be corrupt, which is a good thing as they will not be installed on your device. Amazon also took action by removing the file from its servers.
One interesting thing about this app is that it will not download if the device name is one of the following:
- 삼지연
- 아리랑
These are devices sold in North Korea, which makes you wonder whether this malware comes from North Korea.
Whether this comes from North Korea or not, it is important to always be mindful of what you are doing online. Cybercriminals will always find a way to steal money, and now, with so many platforms to choose from, it seems to be easier for them to commit cybercrime.
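The traits described above (a hardcoded APK download URL, the "test.apk" drop name, and the device-name exclusion) can be checked during static triage. The following is an added example, not code from the app or from this post's authors. It assumes the app's strings have already been extracted and decoded by a separate tool; the `triage` function, its verdict rules and the sample inputs are hypothetical.

```python
import re

# Indicators come from the write-up above; the verdict rules are assumptions.
SKIP_DEVICE_NAMES = ("삼지연", "아리랑")  # device names the app refuses to download on
DROP_FILENAME = "test.apk"               # name the payload is saved under on the sdcard
APK_URL = re.compile(r"https?://\S+?\.apk\b", re.IGNORECASE)


def triage(strings):
    """Scan decoded app strings for the dropper traits described in the post."""
    urls, devices, drops = [], set(), False
    for s in strings:
        urls.extend(APK_URL.findall(s))
        devices.update(n for n in SKIP_DEVICE_NAMES if n in s)
        drops = drops or DROP_FILENAME in s
    if urls and drops:
        verdict = "likely dropper"
    elif urls or drops or devices:
        verdict = "review manually"
    else:
        verdict = "no indicators"
    return {
        "apk_urls": urls,
        "device_name_checks": sorted(devices),
        "drops_test_apk": drops,
        "verdict": verdict,
    }


# Constructed sample inputs (not taken from the real app).
SUSPECT = [
    "Landroid/os/Environment;",
    "http://files.example.invalid/items/abc123/초대장.apk",
    "/sdcard/test.apk",
    "삼지연",
    "아리랑",
]
BENIGN = ["https://example.invalid/api/v1/movies", "Landroid/app/Activity;"]

if __name__ == "__main__":
    for name, sample in (("suspect", SUSPECT), ("benign", BENIGN)):
        print(name, triage(sample))
```

The filename check is a plain substring match, so a string such as "latest.apk" also trips it; treat a "review manually" result as a prompt to read the decompiled activity, not as a detection.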
Stay safe.