Spread the love


Google has removed multiple apps from the Play Store after discovering they contained KoSpy spyware. The malware, linked to the North Korean hacking group APT37 (ScarCruft), can collect sensitive user data, including call logs, SMS messages, and device location.

Security researchers from Lookout identified the spyware, which has been active since at least early 2022.

Apps affected and their risks

The KoSpy malware was found in fake utility apps such as ‘Phone Manager,’ ‘File Manager,’ ‘Smart Manager,’ ‘Kakao Security,’ and ‘Software Update Utility.’ These apps, while no longer on the Play Store, may still exist on some devices or be available through third-party sources. The spyware has extensive capabilities, including:

• Collecting SMS messages and call logs

• Tracking device location

• Access files and folders

• Record audio and take photos

• Capturing screenshots and recording keystrokes

• Collecting Wi-Fi network details

Other recent Play Store deletions

Google has also removed 180 apps involved in an ad fraud scheme, as well as apps infected with the Anatsa/Teabot trojan. While these apps are no longer available for download, users who installed them earlier remain at risk.

Steps to protect your device

Users should immediately delete any of the identified malicious apps if they are installed. Additionally, it is recommended to:

– Keep Google Play Protect enabled to scan for harmful apps

– Avoid downloading apps from third-party sources

– Regularly update your device’s software for security patches

– Check app permissions and remove any unnecessary access granted to apps

In response to the report, Google has confirmed to Forbes that Play Protect safeguards Android users from known versions of this malware.

However, as Google updates Play Protect to allow easier app sideloading, users should be cautious and only install apps from trusted sources. If any flagged apps are on your device, it is advised to delete them immediately.



Source link

Share.
Exit mobile version