Summary: North Korean state-backed hackers have been discovered using malware called KoSpy to infect Android devices, enabling them to spy on Korean and English speakers. The malware was found in fake utility apps and can gather sensitive data such as call logs, text messages, and user location. Google has removed the infected applications from its Play Store, but KoSpy remains a significant threat due to its sophisticated design and international targeting of users.
Affected: Android device users
Key points:
- KoSpy malware is attributed to the state-backed group ScarCruft (APT37).
- It has been found in bogus utility apps, with over half the apps featuring Korean titles.
- The malware is capable of collecting a wide range of sensitive information, including calls, messages, and user location.
- KoSpy shares infrastructure with another North Korean group, Kimsuky (APT43), known for spearphishing campaigns.
- ScarCruft has been active since 2012, primarily targeting South Koreans but also affecting users in multiple other countries.
Source: https://therecord.media/north-korea-malware-android-apps-kospy-apt37-scarcruft