North Korean Spyware Discovered on Google Play Apps

Security researchers at Lookout have uncovered a troubling discovery on Google Play – five apps containing the North Korean spyware KoSpy. These apps, masquerading as file managers, security tools, and software updaters, pose a serious threat to users’ sensitive information.

While four of the apps do offer some legitimate features, Kakao Security only displays a fake system window. The danger lies in KoSpy’s ability to access a wide range of user information, including recording keystrokes, intercepting SMS and call logs, tracking GPS location in real time, reading files in local storage, recording audio through the phone’s microphone, taking photos and videos, and even capturing screenshots of the device display.

Reports from Bleeping Computer suggest that the spyware is linked to the North Korean hacker group APT 37, also known as Scarcruft. Google has since removed all of the compromised apps from the Play Store, but users who have recently downloaded a Korean-English app for file management are advised to verify its safety.

This concerning discovery serves as a reminder of the ever-present threat of malicious software lurking on seemingly legitimate platforms. Stay vigilant and prioritize your device security to safeguard your personal information from prying eyes.

This article was originally published on our partner site M3 and has been translated and adapted from Swedish for our readers’ benefit.