Malware Alert: Fake Android ‘The Interview’ Movie App Stealing Bank Account Information
Following the hype the movie set recently, with Sony being hacked and North Korea being blamed, Sony decided it would be fit to open the film to 300 movie theaters as well as online. While the film ended up making only $1 million from movie theater sales, it made $15 million from online rentals and purchases.
The App Contains a Malware Known as a Two-Stage Banking Trojan
The creators of the malicious app were no doubt following the hype and chaos of the movie; preying on people unaware of the dangers that the internet can bring.
According to security researcher Graham Cluley, McAfee, the Technische Universitat Darmstadt and the Centre for Advanced Security Research Darmstadt (CASED) have all identified the malware. Jointly, they said that the threat has been active in South Korea for the past few days.
The torrent poses as an Android app, offering to download the movie for them onto their mobile device. Instead of downloading The Interview though, the app contains a malware known as a two-stage banking Trojan. Once the app is downloaded, the Trojan makes its way into the device and targets customers of Korean banks, as well as customers of the international Citi Bank.
What Is The Malware?
The Trojan in question is known as Android/Badaccents.
One of the more interesting features of the malware is that checks the Android’s manufacturing information and differentiates attacks accordingly.
If the phone belongs to someone in South Korea, it attacks. If the phone belongs to someone in North Korea, it will not infect; the app will simply display an error message.
To date, 20,000 devices has shown signs of infections. According to McAfee, all the infected devices seem to be relaying the bank account information back to a Chinese mail server.
Images from Shutterstock.