By all accounts, “The Interview” isn’t that great a film. Rotten Tomatoes has just 61 percent of moviegoers and 52 percent of critics giving the film a favorable review, yet the action-comedy piece about assassinating North Korea’s leader has already become Sony’s top-grossing online film of all time.
Of course, this shouldn’t come as a surprise. After being hacked, the studio flip-flopped about releasing the film on Christmas day as schedule and eventually opted for a limited theater release along with distribution on YouTube and other reputable online sites. As with any Internet distribution, however, the film was quickly picked up by pirate and torrent sites for download — and in at least one case, is being used as a front for banking malware. Here’s why grabbing The Interview via Android app isn’t cinematic genius.
Seems Legit
According to a recent Graham Culey post, malware makers are capitalizing on The Interview hype by designing a malicious Android app for the express purpose of tricking users and grabbing their bank information. It goes like this: there’s a torrent making the rounds in South Korea claiming to be an app that will download the movie’s full version to a mobile device. Sure, a little image pops up that looks like the movie poster seen online, but in fact this is a piece of banking malware that security firm McAfee calls Android/Badaccents. Hosted on Amazon Web Services, the two-stage Trojan targets several South Korean banks along with Citi bank users, and to date has infected 20,000 users, with stolen data likely sent to a far-east mail server.
And it gets better: Researchers have also uncovered that the malware checks the device manufacturer: If it’s Samjiyon or Arirang — which typically sell in North Korea — the malicious code does not infect but instead displays an error message. Of course, fans of the theory that North Korea was behind the initial Sony attack make another logical leap here, but McAfee security expert Irfan Asrar says this omission is likely because most North Koreans probably don’t use any of the targeted banks. AWS has been notified of the code on its servers, but it’s a safe bet that any torrent claiming a full mobile download isn’t entirely forthcoming and is almost certainly a risk.
Familiar Ground
The Interview malware isn’t the first legit-looking entertainment app to target mobile devices. According to December 29th Security Watch article, Malwarebytes recently identified a fake app on Chinese third-party app stores that looks just like popular messaging app QQ. This malware, Trojan.SmsSpy.qq has the sole purpose of capturing a user’s QQ login credentials and sending them to a prepaid mobile number. And just over a week ago, Zscaler found an app claiming to be a pirated version of the popular video game Assassin’s Creed targeting Russian users. Once installed on a device, the malware asks for a long list of permissions and then displays the game’s icon on-screen. After a moment, this icon disappears but the process doesn’t terminate, instead running in the background to intercept banking text messages from Volga-Vyatka Bank of Sberbank.
And who could forget the famous “celebrity scandal” apps that claimed to download racy photos of your favorite stars after the recent iCloud leak? Again, a total fake but one that infected hundreds of thousands of devices. The bottom line? Anything popular, controversial or otherwise interesting event generates malware. If an app seems too good to be true, it absolutely is.
Helping Hands
In fact, the prevalence of fake — everything — from malware to wireless hotspots to mobile towers — has prompted the development of apps like SnoopSnitch, which claim to identify IMSI-Catchers and StingRays before these false mobile towers intercept your traffic. Root access is required for many of these “security” apps, so buyer beware: make sure you’re not getting more malware in disguise.
Want more protection? Do all the simple things, like updating your OS, firmware and applications. Don’t download anything from third-party app stores and always read the permissions before you agree to any kind of access. If you’re looking to take it a step farther, encrypt your data and hide your IP address — when cybercriminals don’t know where you are or what you’re doing, it’s much harder to stir up trouble.
Hoping to watch The Interview? Head to reputable download sites or steer clear altogether; don’t talk to shady torrents.