Security researchers at Lookout have recently uncovered five apps on Google Play that contain the North Korean spyware KoSpy. These apps masquerade as file managers, security tools, and software updaters, with four of them offering some of the promised features. However, Kakao Security, one of the apps, only displays a fake system window.
Users who unwittingly install these apps are at risk of having their sensitive information accessed by the North Korean hacker group APT 37, also known as Scarcruft. KoSpy can gather information in various ways, including recording keystrokes, intercepting SMS and call logs, tracking GPS location in real-time, reading files in local storage, recording audio through the phone’s microphone, taking photos and videos, and capturing screenshots of the device display.
Google has since removed all the affected apps from the Play Store. However, if you have recently downloaded a Korean-English app for file management, it is advisable to verify its safety before continued use.
This alarming discovery underscores the importance of staying vigilant while downloading apps, especially from third-party sources. Always ensure that you are downloading from reputable sources and regularly check for any suspicious activity on your device.
This article was originally published on our sister site M3 and has been translated and adapted from Swedish. Stay informed and stay safe online.
