Cybercriminals have released a malicious “The Interview” application that runs on Android devices. The application was found by the Technische Universität Darmstadt, the Centre for Advanced Security Research Darmstadt (CASED) and researchers at McAfee.
The malicious “The Interview” application uses malicious code identified as the Android/Badaccents Trojan.
The Android/Badaccents Trojan claims to download a copy of “The Interview”, but instead it silently installs a banking Trojan on the victim’s device.
The McAfee and CASED researchers noted the following about the Android/Badaccents Trojan:
One aspect which will probably raise eyebrows, is that the malware code includes a routine to check the device’s manufacturing information. If it is set to either 삼지연 (Samjiyon) or 아리랑 (Arirang), smartphone manufacturers whose Android devices are sold in North Korea, the malware will not infect, and instead display a message that an attempt to connect to the server failed.
It seems that the Android malware is not targeting North Korean devices. The information clearly shows that the Samjiyon and the Arirang devices are not infected by the malicious “The Interview” Android application.
Asrar says that he does not currently believe the limiting of infections to non-North Korean made devices was politically motivated, but instead a commercial decision not to waste bandwidth on users who were outside the targeted region (as North Koreans were unlikely to be customers of the targeted banks).
The malicious “The Interview” application has infected around 20 000 devices. The researchers were able to find out that the banking information stolen from the infected devices is being sent to a Chinese mail server.
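The manufacturer check the researchers describe is something an analyst can hunt for during static triage of a suspicious APK. The following is an added example, not code from the article or from the McAfee/CASED analysis: it scans decompiled smali for methods that read an `android.os.Build` field and compare it against string constants. The smali excerpt is constructed, and the use of `Build.MANUFACTURER` is an assumption (the article says only "manufacturing information").

```python
import re

# Constructed smali excerpt (NOT from the real sample): one method gates on the
# manufacturer string, the other only logs the device model.
SAMPLE_SMALI = '''
.method private isAllowedDevice()Z
    sget-object v0, Landroid/os/Build;->MANUFACTURER:Ljava/lang/String;
    const-string v1, "삼지연"
    invoke-virtual {v0, v1}, Ljava/lang/String;->equals(Ljava/lang/Object;)Z
    move-result v2
    if-nez v2, :blocked
    const-string v1, "아리랑"
    invoke-virtual {v0, v1}, Ljava/lang/String;->equals(Ljava/lang/Object;)Z
    move-result v2
    if-nez v2, :blocked
    const/4 v0, 0x1
    return v0
    :blocked
    const/4 v0, 0x0
    return v0
.end method

.method public logModel()V
    sget-object v0, Landroid/os/Build;->MODEL:Ljava/lang/String;
    const-string v1, "device"
    invoke-static {v1, v0}, Landroid/util/Log;->d(Ljava/lang/String;Ljava/lang/String;)I
    return-void
.end method
'''

# Assumption: which Build fields and String methods count as a "device gate".
METHOD_RE = re.compile(r'^\.method\s+(?:[\w-]+\s+)*(\S+)\n(.*?)^\.end method', re.S | re.M)
BUILD_RE = re.compile(r'Landroid/os/Build;->(MANUFACTURER|BRAND|MODEL|PRODUCT):')
CONST_RE = re.compile(r'const-string(?:/jumbo)?\s+\w+,\s+"((?:[^"\\]|\\.)*)"')
COMPARE_RE = re.compile(r'Ljava/lang/String;->(equals|equalsIgnoreCase|contains|startsWith)\(')

def find_device_gates(smali):
    """Return one finding per method that reads a Build field and compares strings."""
    findings = []
    for name, body in METHOD_RE.findall(smali):
        fields = sorted(set(BUILD_RE.findall(body)))
        if fields and COMPARE_RE.search(body):
            findings.append({"method": name, "fields": fields,
                             "constants": CONST_RE.findall(body)})
    return findings

if __name__ == "__main__":
    for finding in find_device_gates(SAMPLE_SMALI):
        print(finding)
```

A hit is a lead for manual review, not a verdict: legitimate apps also branch on device vendor, so the compared constants are what tell the analyst whether the gate is a compatibility workaround or a regional exclusion.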