The SUN TEAM North Korean hacking group shows how quickly a device can be hacked

Here is how can you protect your device!

Our cybersecurity team discovered that many apps and cloud file-sharing software are being exploited by North Korean hackers to spy on their defector and people who are helping them. The North Korean hackers are launching a considerable spy campaign over multiple social networks, chat application and cloud sharing platform with the purpose of collecting illegal information about defectors, and people from South Korea that are helping them to defect. Our experts named this spy operation Sun Team; the government supported hacker group could not be identified or linked with any previous attacks, letting us think that they are a new group specially organized for spying purpose only.

This kind of attack can be stopped by using a suitable antivirus solution.
Windows users can download free antivirus solution CyberByte by clicking the banner below. The free antivirus will help you to know if your PC is infected. Windows free antivirus of CyberByte is an awarded software for malware detection.

Mac / MacOS / OS X users can download free Mac antivirus solution CyberByte by clicking the banner below. The free antivirus will help you to know if your Mac is infected. MacOS / OS X free antivirus of CyberByte is an awarded software for malware detection. The free antivirus for Mac is available for new MacOS and older OS X versions.

The Sun Team used Facebook and other social networks along with a favorite chat app in South Korea named KakaoTalk to deploy and reach targeted victims Android devices.
After a careful study of the infected APKs deployed by The Sun, our cybersecurity team has an idea of how the attack is made and how the victim is tricked to install the malicious software. In the process of infecting a targeted victim, there are used two fake apps BloodAssistant – healthcare app – and a second app named Pray for North Korea.

Shortened URLs were used to deliver these apps inside targeted victims devices. After a successful install of one of the apps inside of the targeted device the malware first check to see if it is already infected. If it is not infected a decoy video is played, which is used as a cover for the dialog box asking for users permission to grad access to all device function. Once the permissions are granted the malware reach multiple files designed for C&C purposes, stored in Dropbox, Google Drive or Yandex.

The files containing C&C instructions are diving the malware to store all sensitive information inside a temporary folder created on every infected device then upload the entire folder to a designated host owned by the hackers from The Sun Team.
For now, this is all we can tell about this Sun Team group; we will keep posting updates if our team discovers more about the identity of this cybercriminals. Until then use this situation as an excellent example of how quickly a user can be cyber attacked. For everyone to remain safe and secure in cyberspace, they must understand that nowadays extra layers of strong security are no more optional and the presence of a top antivirus is always a must inside every device that they own.

CyberByte Antivirus comes in two flavors:
MacOS Version – the free download Mac antivirus available on our website (https://mac.cyberbyte.org)
Windows Version – the free download Windows antivirus available on our website (https://pc.cyberbyte.org)
The free antivirus is with limited features.

The procedure is simple:

Just free download antivirus from CyberByte website either for Mac or Windows.
Install it using the antivirus installer package.
Windows and Mac users will free malware scan their devices. The scan duration depends on how many files the end user has.
CyberByte antivirus will show if any files are infected after the scan is finished.