The McAfee Mobile Research team has identified a new Android malware threat that has links to the Lazarus Cybercrime Group.
The malware targets South Korean users and poses as a legitimate APK available in Google Play, for reading the Bible in Korean.
According to McAfee, the campaign code, infrastructure and procedures used in the new attack tactics all point to Lazarus, which marks a new shift to the mobile platform.
The malware contains a backdoor file, an executable and linkable format (ELF) that is similar to other malicious executables developed by Lazarus.
The app has only been downloaded 1,300 times and there are no reports of the repackaged APK spreading in the wild as of yet.