KakaoTalk Users Warned of Malicious Applications

Experts have found fake apps that harvest information and send out spam messages

By on July 18th, 2013 14:52 GMT

Security experts and Kakao are warning users of the KakaoTalk instant messaging app about Trojanized and fake apps that leverage the application’s popularity. 

Trend Micro experts have come across a Trojanized version of KakaoTalk that’s designed to harvest contact information, text messages and phone settings.

Cybercriminals took a legitimate version of the app and added malicious code to it. Unlike the genuine application, the Trojanized KakaoTalk (ANDROIDOS_ANALITYFTP.A) asks for a large number of permissions when it’s installed.

This particular threat has been distributed via email.

However, this is not the only malicious element that leverages the KakaoTalk brand. Around a month ago, Kakao warned users about a so-called KakaoTalk Security Plugin designed to send spam text messages to all contacts.

In this case, the bogus security plugin was distributed via a hacked Google Play developer account.

A redirector app was uploaded to the compromised developer account. This redirector was set up to serve ads that led to various applications, including the fake security plugin.