Malware Alert: Fake Android ‘The Interview’ Movie App Stealing Bank Account Information

Reports are surfacing of a new Android app, designed to look like one for the controversial Sony movie The Interview, that is stealing thousands of bank account details.

Following the recent hype around the movie, with Sony being hacked and North Korea being blamed, Sony decided to release the film in 300 movie theaters as well as online. While the film ended up making only $1 million from movie theater sales, it made $15 million from online rentals and purchases.

The App Contains a Malware Known as a Two-Stage Banking Trojan

But once the film was online, it was quickly posted on all major torrent sites, making it quite popular to download for free.

The creators of the malicious app were no doubt following the hype and chaos around the movie, preying on people unaware of the dangers that the internet can bring.

According to security researcher Graham Cluley, McAfee, the Technische Universität Darmstadt and the Centre for Advanced Security Research Darmstadt (CASED) have all identified the malware. Jointly, they said that the threat has been active in South Korea for the past few days.

The torrent poses as an Android app, offering to download the movie onto the user's mobile device. Instead of downloading The Interview, though, the app contains malware known as a two-stage banking Trojan. Once the app is downloaded, the Trojan makes its way into the device and targets customers of Korean banks, as well as customers of the international Citi Bank.

What Is The Malware?

The Trojan in question is known as Android/Badaccents.

One of the more interesting features of the malware is that it checks the Android device’s manufacturing information and differentiates its attacks accordingly.

If the phone belongs to someone in South Korea, it attacks. If the phone belongs to someone in North Korea, it will not infect; the app will simply display an error message.

To date, 20,000 devices have shown signs of infection. According to McAfee, all the infected devices seem to be relaying the bank account information back to a Chinese mail server.

Clay Gillespie is a writer and reporter for many different platforms across the tech industry. He holds a B.S. in Public Relations from Ball State University, and freelances for different clients in technology and cryptocurrency. For more information, visit his personal website,