Experts warn Android users about North Korean spy apps

Cybersecurity researchers discovered a group of malicious apps on the Google Play Store that actually served as a spying tool linked to North Korea.

Researchers from Lookout Threat Lab identified five applications that appeared to be regular system tools, but were collecting private user data in the background, reports Telegraph.

These apps, available in English and Korean, were called:

Phone Manager

File Manager

Smart Manager

Kakao Security

Software Update Utility

Although they seemed like useful programs, some of them only offered basic functions, while others were completely non-functional.

Their real goal was to steal data – SMS messages, call logs, device location, phone files, even audio and screen recording.

These apps used new spyware called KoSpy, which is attributed to the North Korean hacker group ScarCruft (also known as APT37).

The group has previously been linked to attacks on journalists, activists and state institutions in South Korea and other countries.

"KoSpy is a new Android spyware that masquerades as user apps and targets English and Korean-speaking users," the researchers warned.

Once installed, these applications can download additional modules that enable:

Access to SMS messages and call logs

Real-time user location tracking

Collecting files from the device

Screen and keyboard recording (keylogging)

Activating the microphone and camera for secret recording

Attackers used these features to closely monitor user activity and potentially steal sensitive data.

Google has since removed these apps from the Play Store, but it is unknown how many users downloaded them before they were deleted.

This incident shows once again how important it is to check the sources of applications before downloading, read reviews, and pay attention to the permissions the application requests during installation. /Telegraph/