Security researchers from Lookout identified the spyware, which has been active since at least early 2022.
Apps affected and their risks
The KoSpy malware was found in fake utility apps such as ‘Phone Manager,’ ‘File Manager,’ ‘Smart Manager,’ ‘Kakao Security,’ and ‘Software Update Utility.’ These apps, while no longer on the Play Store, may still exist on some devices or be available through third-party sources. The spyware has extensive capabilities, including:
• Collecting SMS messages and call logs
• Tracking device location
• Access files and folders
• Record audio and take photos
• Capturing screenshots and recording keystrokes
• Collecting Wi-Fi network details
Other recent Play Store deletions
Google has also removed 180 apps involved in an ad fraud scheme, as well as apps infected with the Anatsa/Teabot trojan. While these apps are no longer available for download, users who installed them earlier remain at risk.
Steps to protect your device
Users should immediately delete any of the identified malicious apps if they are installed. Additionally, it is recommended to:
– Keep Google Play Protect enabled to scan for harmful apps
– Avoid downloading apps from third-party sources
– Regularly update your device’s software for security patches
– Check app permissions and remove any unnecessary access granted to apps
In response to the report, Google has confirmed to Forbes that Play Protect safeguards Android users from known versions of this malware.
However, as Google updates Play Protect to allow easier app sideloading, users should be cautious and only install apps from trusted sources. If any flagged apps are on your device, it is advised to delete them immediately.
