Google has confirmed the removal of several malicious apps from the Play Store after security researchers from Lookout identified a new spyware, KoSpy, linked to North Korean hacker group APT37 (ScarCruft).
The malware, active since early 2022, was disguised as utility apps like “Phone Manager,” “File Manager,” “Smart Manager,” “Kakao Security,” and “Software Update Utility.”
KoSpy’s Capabilities Include:
- Accessing SMS messages and call logs
- Tracking device location
- Accessing local storage files
- Recording audio and taking photos
- Capturing screenshots and key strokes
- Collecting WiFi network details
Although Google has removed these apps, they are still available on third-party platforms.
Users are urged to check for these apps on their devices and delete them immediately.
How to Protect Your Device:
- Ensure Google Play Protect is enabled
- Avoid sideloading apps from unknown sources
- Regularly update your device’s security settings
Google emphasized that Play Protect automatically shields Android users from known malware, even if the apps are installed from external sources.