The most recent McAfee Mobile Threat Report has revealed that four Korean transit apps were compromised in what has been deemed a “MalBus” attack. The applications had been available for over five years and had been downloaded hundreds of thousands of times, but have since been removed from the Google Play Store. MalBus allegedly had a very narrow focus, and the hack represented a new attack methodology that targeted legitimate developers of apps that already had a solid reputation, compromising the developer accounts.
The threat actors were able to add an additional library for uploading the update app to Google Play by gaining control of these trusted developer accounts. The library then ran an update process during the app installation that infected devices with a malicious Trojan disguised as a media file. After the installation, the hack would search for keywords related to political and military data.
Read More: Transit Apps With 600,000 Installs Compromised To Target Military And Political Data