{"id":7294,"date":"2014-12-29T10:30:20","date_gmt":"2014-12-29T15:30:20","guid":{"rendered":"http:\/\/blog.nccomputertech.com\/?p=7294"},"modified":"2014-12-29T10:30:20","modified_gmt":"2014-12-29T15:30:20","slug":"beware-fake-the-interview-movie-download-app-is-in-the-wild","status":"publish","type":"post","link":"https:\/\/nccomputertech.com\/techtalk\/2014\/12\/29\/beware-fake-the-interview-movie-download-app-is-in-the-wild\/","title":{"rendered":"Beware: Fake &#8220;The Interview&#8221; movie download app is in the wild"},"content":{"rendered":"<p style=\"text-align:center;\"><a href=\"http:\/\/www.neowin.net\/news\/beware-fake-the-interview-movie-download-app-is-in-the-wild\"><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/nccomputertech.com\/techtalk\/wp-content\/uploads\/2014\/12\/the-interview_medium.jpg\" alt=\"\" \/><\/a><\/p>\n<p>&#8220;The Interview&#8221; is undeniably the hottest movie of the year, which is a comedy about a plan to kill North Korea&#8217;s leader, Kim Jong-un. It has also been the most controversial, backed by disputes with hackers threatening theaters who will play the said movie with physical action, and also by demands to pull the film, delaying its release. The movie did reach theaters, albeit limited, and the internet, via YouTube, Xbox Video and other similar video streaming websites.<\/p>\n<p>With all the racket and commotion, the Rogen-Franco movie has also been a big hit on torrent websites, downloaded tons of times illegally. Apparently, this has been a cue for the cyber evildoers to trick innocent minds again into infecting their smartphones and tablets with malware.<\/p>\n<p>In a recent blog post by Graham Cluley, a security blogger, an Android app claiming to be a client to download the movie is swarming the internet today. Quoting Irfan Asrar, a McAfee security expert, the app is part of a torrent, exclusive to South Korea. Cluley states:<\/p>\n<p>&#8220;Researchers at McAfee \u2013 in a joint investigation with the Technische Universit\u00e4t Darmstadt and the Centre for Advanced Security Research Darmstadt (CASED), has identified that a threat campaign has been active in South Korea in the last few days, attempting to exploit the media frenzy surrounding The Interview\u2018s release,&#8221;<\/p>\n<p>The app looks like an innocent application that will help you pirate the movie. But in reality, it contains an Android Trojan named &#8220;Android\/Badaccents&#8221;, which was hosted on Amazon Web Services. It is a banking Trojan which affects a number of Korean banks, including Citi Bank, and is out to steal your personal information and wipe the money off your bank cards. The collected data then apparently goes to a Chinese mail server. He has mentioned in his blog that at least 20,000 devices have been infected by the Trojan.<\/p>\n<p>One peculiar thing was observed by Cluley though, the malware checks for the device&#8217;s manufacturing information; if the device is set to &#8220;Samjiyon&#8221; or &#8220;Arirang,&#8221; which means the handset has been purchased in North Korea, the malware will not infect the host device, and instead display an error message stating &#8220;an attempt to connect to the server failed.&#8221;<\/p>\n<p>Pondering on whether this was a politics related attack, Cluley quotes Asrar:<\/p>\n<p>&#8220;Asrar says that he does not currently believe the limiting of infections to non-North Korean made devices was politically motivated, but instead a commercial decision not to waste bandwidth on users who were outside the targeted region (as North Koreans were unlikely to be customers of the targeted banks),&#8221;<\/p>\n<p>Cluley has mentioned that McAfee has notified Amazon of the issue, so further infections can be prevented. Also, he has warned people that there is a possibility of the Trojan being hosted on other websites, wearing different disguises.<\/p>\n<p>via <a href=\"http:\/\/www.neowin.net\/news\/beware-fake-the-interview-movie-download-app-is-in-the-wild\" target=\"_blank\">Beware: Fake &#8220;The Interview&#8221; movie download app is in the wild &#8211; Neowin<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8220;The Interview&#8221; is undeniably the hottest movie of the year, which is a comedy about a plan to kill North [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_feature_clip_id":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"jetpack_post_was_ever_published":false},"categories":[7,9,10],"tags":[65,80,655,1104,1167],"class_list":["post-7294","post","type-post","status-publish","format-standard","hentry","category-security","category-software","category-technology","tag-android","tag-app","tag-malware","tag-trojan","tag-virus"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/papNkV-1TE","jetpack-related-posts":[{"id":7150,"url":"https:\/\/nccomputertech.com\/techtalk\/2014\/12\/17\/russian-malware-targets-wordpress-users-over-100000-sites-infected\/","url_meta":{"origin":7294,"position":0},"title":"Russian malware targets WordPress users, over 100,000 sites infected","author":"NCCT","date":"December 17, 2014","format":false,"excerpt":"Our blog was not affected...NCCT. A Russian malware dubbed SoakSoak has infected nearly 100,000 WordPress websites since Sunday, prompting Google to blacklist over 11,000 of those domains (the number is increasing), according to a report from cybersecurity firm Sucuri. The malware exploits a previously-known vulnerability in a WordPress plugin called\u2026","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":5916,"url":"https:\/\/nccomputertech.com\/techtalk\/2014\/07\/08\/attack-on-dailymotion-redirected-visitors-to-exploits\/","url_meta":{"origin":7294,"position":1},"title":"Attack on Dailymotion redirected visitors to exploits","author":"NCCT","date":"July 8, 2014","format":false,"excerpt":"Attackers injected malicious code into Dailymotion.com, a popular video sharing website, and redirected visitors to Web-based exploits that installed malware. The rogue code consisted of an iframe that appeared on Dailymotion on June 28, researchers from security vendor Symantec said Thursday in a blog post. The iframe redirected browsers to\u2026","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":8453,"url":"https:\/\/nccomputertech.com\/techtalk\/2015\/07\/07\/zeusvm-malware-building-tool-leak-may-cause-botnet-surge\/","url_meta":{"origin":7294,"position":2},"title":"ZeusVM malware building tool leak may cause botnet surge","author":"NCCT","date":"July 7, 2015","format":false,"excerpt":"The Internet could see a new wave of botnets based on the ZeusVM banking Trojan after the tools needed to build and customize the malware program were published online for free. The source code for the builder and control panel of ZeusVM version 2.0.0.0 was leaked sometime in June, according\u2026","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":3213,"url":"https:\/\/nccomputertech.com\/techtalk\/2013\/08\/20\/researchers-manage-to-get-malware-published-in-apples-ios-app-store\/","url_meta":{"origin":7294,"position":3},"title":"Researchers manage to get malware published in Apple&#039;s iOS App Store","author":"NCCT","date":"August 20, 2013","format":false,"excerpt":"While the posting of malware remains a rare occurrence on Apple's iOS App Store, a team of security researchers figured out a way to get a malicious piece of software past Apple's certification team. The team from Georgia Tech said that the app was approved and published by Apple in\u2026","rel":"","context":"In &quot;Apple&quot;","block_context":{"text":"Apple","link":"https:\/\/nccomputertech.com\/techtalk\/category\/apple\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":5750,"url":"https:\/\/nccomputertech.com\/techtalk\/2014\/06\/11\/one-click-test-finds-gameover-zeus-infections-on-pcs\/","url_meta":{"origin":7294,"position":4},"title":"One-click test finds Gameover Zeus infections on PCs","author":"NCCT","date":"June 11, 2014","format":false,"excerpt":"Users can test by simply visiting a Web page if their computers have been infected with Gameover Zeus, a sophisticated online banking Trojan that law enforcement officers temporarily disrupted last week. The one-click test was developed by security researchers from antivirus vendor F-Secure and takes advantage of the malware\u2019s aggressive\u2026","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":8976,"url":"https:\/\/nccomputertech.com\/techtalk\/2016\/07\/15\/this-android-trojan-blocks-victims-from-alerting-banks\/","url_meta":{"origin":7294,"position":5},"title":"This Android Trojan blocks victims from alerting banks","author":"NCCT","date":"July 15, 2016","format":false,"excerpt":"By Michael Kan | PCWorld A new Trojan that can steal your payment data will also try to stymie you from alerting your bank. Security vendor Symantec has noticed a \u201ccall-barring\u201d function within newer versions of the Android.Fakebank.B malware family. By including this function, a hacker can delay the user\u2026","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"_links":{"self":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/7294","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/comments?post=7294"}],"version-history":[{"count":0,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/7294\/revisions"}],"wp:attachment":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/media?parent=7294"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/categories?post=7294"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/tags?post=7294"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}