Summary: A new spyware known as “KoSpy,” attributed to North Korean threat group APT37, has infiltrated Google Play and APKPure through five malicious apps. The campaign, active since March 2022, primarily targets Korean and English-speaking users by masquerading as legitimate applications. Although the apps have been removed, users are advised to manually uninstall them and scan their devices for any residual threats.
Affected: Google Play, APKPure, Android users
Key points:
- KoSpy retrieves encrypted configurations to evade detection and can access sensitive data such as SMS, call logs, and GPS location.
- The malicious apps operate while still providing some functionality, except for one app that displays fake system windows to request permissions.
- Google has removed the identified KoSpy apps from the Play Store and is working to protect users through Google Play Protect, which can block known malicious apps.