Cyber Week in Review: South Korea Cyber Command, TJ Maxx & Android Malware

Media Division | December 16, 2016

What do North Korea, a discount store’s Facebook page, and Gooligan have in common? Nothing, except they’re all at the center of this week’s top cyber stories.

It seemed hacking had a sense of humor this week.  Unless, of course, you are one of the one million people whose phones had malware, your child saw TJ Maxx’s feminine hygiene instructions, or you’re South Korean; then, maybe this stuff wasn’t so funny.

For the rest of us, some of this is pretty humorous.

North and South

We all know real hackers don’t sport hoodies, but in many cases they may speak Korean.  By some estimates, the North Korean hacking compound known as Bureau 121 may have thousands of personnel.  Considering that’s in a nation that famously appears dark from space, that’s a pretty stark contrast in resources between citizens without electricity (or mandatory blackout times, perhaps?); the central government has such resources.

North Korea has messed around before, most notably about two years ago when they hacked Sony Pictures (reportedly in protest of the comedy The Interview).

Things turned a bit more serious this week, though, when it was discovered that North Korea reportedly hacked South Korean military cyber command.

In classic hacking fashion, we are learning of the attack some time later, the malware infection of 160 companies and 140,000 computers took place some time between February and June.  At this time, no one knows (or no one is saying) if anything serious was compromised, or just low-level files.

Raunchy Facebook Feed

In decidedly less serious news (this one doesn’t threat to go nuclear), the Facebook feed of TJ Maxx was hilariously, inappropriately, hacked.

Of course, the posts have since been taken down, but you can still catch screenshots of the offending posts.  The discount department store suddenly shifted from a timeline holiday wares, to “avoiding pregnancy without a condom” and “smelly vaginas are ruining your life.”  Each link connected to an inactive site named

Someone with a sense of humor (who likely is now out of work)? The result of inadequate password protection?
Who knows, but it sure set the interweb all-a-twitter.

Those Crazy Gooligans

In July the HummingBad malware was, well, bad, infecting some 10 million devices.  Now a new malware, dubbed “Gooligan” may be spreading at a rate of about 13,000 Android devices per day.

Android users famously enjoy the flexibility of their devices: apps can be shared, customizations created (beyond what Apple typically accommodates), even operating systems can be changed.  Gooligan takes advantage of that adaptability: seemingly legitimate apps root and spread on across devices.

According to Google, the malware isn’t compromising any personal email or files, only accessing Google accounts such as Gmail, Drive and Photos. It doesn’t seem that the malware is targeting any particular people or groups.

What is the malware doing?  It appears that it is manipulating app rankings, accessing the Google Play Store and leaving five-star rankings (which in turn can lead to increased sales and further spread of the malware).

If that sounds personal enough for you, rest assured that the vulnerabilities exploited were patched years ago by Google and if you are running a version released in the past year, you are already protected.  That’s good news, since if you are infected with malware like this you end up needing to reinstall your entire operating system.

Avoid Hooded Hooligans

Want to stay safe and warm and avoided hooded hooligans this holiday season?  Stay tuned to your Cyber Week in Review and we’ll keep you apprised of cyber problems.

Massive's Media Division publishes timely news and insights based on current events, trends, and actionable cross-industry expertise.