Security researchers from Lookout have made a concerning discovery regarding five apps on Google Play that are harboring the North Korean spyware KoSpy.
These apps are disguised as file managers, security tools, and software updaters. While four of the apps do provide some of the promised features, one of them, Kakao Security, only displays a fake system window. This deception puts users at risk of having their sensitive information compromised by the North Korean hacker group APT 37, also known as Scarcruft.
KoSpy has the capability to access a user’s information in various ways, including recording keystrokes, intercepting SMS and call logs, tracking real-time GPS location, reading files in local storage, recording audio through the phone’s microphone, capturing photos and videos, and taking screenshots of the device display.
Fortunately, Google has taken swift action to remove all of the malicious apps from Google Play. However, if you have recently downloaded a Korean-English app for managing files, it is advisable to verify its safety before continuing to use it.
This article was originally published on M3, a Swedish publication, and has been translated and adapted for a wider audience. Stay vigilant and ensure the safety of your devices by staying informed about potential security threats.
