North Korea’s official news site delivers malware

If you visited the official news website of North Korea recently, chances are that you have installed malware on your computer. Security analysts believe that hackers planted malware on the home page to carry out a “watering hole” attack.

You can lead a horse to water, but can you make it drink?

A watering hole attack is when a hacker uses a legitimate website, or one that poses as such, to host malware. When a user visits an infected site, the user may be exposed to the malware. The watering hole method is different from any other malware delivery method because the hacker just sits and waits for users to visit. Traditional malware delivery methods force the attacker to seek out victims, for example by sending out phishing emails with hyperlinks and attachments.

When a user visits the North Korean news website, the site prompts the download of a file called “FlashPlayer10.zip”. This package is out of date, because the current version of Adobe Flash Player is 16, but a regular user who is not familiar with Flash Player or not paying close attention may still opt to open the zip file. In this case, the malware will download and then install itself. The malware is designed to steal the user’s passwords from the browser in which they are stored. Since the malware was only recently discovered, it is not yet clear exactly what it does and to what extent.

Don’t just click ‘OK’ when a site prompts you to update Flash Player!

Be careful where you surf and be vigilant about what a website is asking you to do. If a site requires an update, such as Flash Player in this case, just go to the product company’s website and download the update directly. That way, at least you avoid downloading potential malware from a website that may not have good intentions.
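Defenders can hunt for this kind of lure in web proxy logs. The following is an added example, not part of the original article: it flags downloads whose file name imitates a Flash Player installer but which come from a host outside the vendor's domains, and notes when the name claims a version older than 16. The log format, sample lines, host names and vendor-domain list are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Assumption: domains treated as the vendor's own download hosts.
VENDOR_DOMAINS = ("adobe.com", "macromedia.com")
CURRENT_MAJOR = 16  # current Flash Player version according to the article

# File names such as FlashPlayer10.zip or "Flash Player16.exe"; group 1 = claimed version.
LURE_NAME = re.compile(r"flash[ _-]*player\D*(\d+)?[^/]*\.(zip|exe|msi|dmg)$", re.I)

# Constructed sample proxy log: timestamp, client, method, URL, status.
SAMPLE_LOG = """\
2015-01-12T09:14:03Z 10.0.0.23 GET http://news.example/download/FlashPlayer10.zip 200
2015-01-12T09:15:40Z 10.0.0.31 GET https://get.adobe.com/flashplayer/install_flash_player_16.exe 200
2015-01-12T09:17:12Z 10.0.0.44 GET http://adobe.com.updates.example/Flash%20Player16.exe 200
2015-01-12T09:18:55Z 10.0.0.23 GET http://news.example/images/logo.png 200
"""

def is_vendor_host(host):
    """True only for a vendor domain itself or a real subdomain of it."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in VENDOR_DOMAINS)

def check_line(line):
    """Return a finding for a Flash-Player-named download from a non-vendor host."""
    parts = line.split()
    if len(parts) != 5:
        return None  # not in the assumed log format
    ts, client, _method, url, _status = parts
    target = urlsplit(url)
    host = target.hostname or ""
    filename = unquote(target.path).rsplit("/", 1)[-1]
    match = LURE_NAME.search(filename)
    if not match or is_vendor_host(host):
        return None
    reasons = ["Flash Player installer name served by non-vendor host"]
    if match.group(1) and int(match.group(1)) < CURRENT_MAJOR:
        reasons.append(f"claims outdated version {match.group(1)}")
    return {"time": ts, "client": client, "host": host,
            "file": filename, "reasons": reasons}

def scan(log_text):
    """Check every log line and return the list of findings."""
    return [f for f in map(check_line, log_text.splitlines()) if f]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f["time"], f["client"], f["host"], f["file"], "; ".join(f["reasons"]))
```

The suffix match in `is_vendor_host` is what keeps a look-alike host such as `adobe.com.updates.example` from passing as the vendor.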

As always – have a good ‘malware-free’ day!

  • korikisulda(コリキ)

    The chance I’ve got North Korean malware installed on my computer is exactly zero. Don’t assume stupidity.