North Korea’s online activities have come under scrutiny after the FBI blamed the reclusive peninsula state for the hack of Sony Pictures Entertainment late last year.
A security researcher has now accused North Korea of another act of cybercrime — loading the state-run news service’s website with malware.
The malware was first discovered by a pseudonymous security researcher who goes by the name InfoSecOtter. Ars Technica says it has successfully replicated InfoSecOtter’s findings.
Visiting the site alone shouldn’t do anything. But problems could arise if you agree to install the “flash update.”
The Korean Central News Agency’s website contains a file that appears to be a Windows updater for an (outdated) version of Flash, a web plugin that’s used for displaying video and interactive graphics online. But on closer examination it’s revealed to contain known malware that would infect a user’s computer if accidentally installed.
From there, the illicit software could keep tabs on the user’s activity and secretly report back to whoever created it. Ars Technica speculates that it’s a “watering hole attack,” targeted against those who might want “to keep tabs on” North Korea.
InfoSecOtter points out that we can’t be sure that North Korea is responsible for the malicious code — but it’s highly likely. “All we know for certain is that the KCNA website is serving it up,” they write, “not its origins. But if that’s the only viable externally facing website a country has, you’d think it would be noticed.”