North Korean Hackers Infiltrate Android App Store with Stealthy Spyware: What You Need to Know


A group of North Korean hackers has allegedly uploaded spyware onto the Google Play store. According to cybersecurity firm Lookout, this new spyware, called KoSpy, has tricked some users into downloading it. Lookout shared these findings exclusively with TechCrunch in a recent report.

KoSpy isn’t just a flashy name. It steals a ton of sensitive info. This includes SMS messages, call logs, location data, and even screenshots. It can record audio and take photos using the device’s cameras. To collect all this information, the spyware can access files, keystrokes, and lists of installed applications.

Interestingly, one of KoSpy’s apps was available on Google Play at one point, with over ten downloads. Lookout suspects these downloads were targeted at specific individuals, rather than the general public. Christoph Hebeisen, Lookout’s security research director, emphasized this point to TechCrunch.

North Korean hackers have previously made headlines for bold crypto heists, like the $1.4 billion theft from the Bybit exchange. This new spyware campaign seems more focused on surveillance.

Lookout’s report suggests that KoSpy communicates with Firestore, a Google Cloud database, to keep its settings updated. Google responded by saying it has removed all identified apps from its store and deactivated any related Firebase projects. Ed Fernandez from Google commented that Play Services automatically protect users from known malware.

However, Google did not say whether it agrees with Lookout's attribution of the spyware to North Korea. It also declined to answer specific questions about the report.

Furthermore, Lookout has detected some of these spyware apps on a third-party app store called APKPure. A spokesperson for APKPure stated they haven’t received any communication from Lookout regarding these findings.

Although there are no solid links to specific targeted individuals, the context hints that the victims are likely South Koreans or people who speak Korean and English. Lookout's researchers noted that the names of some apps are in Korean, and their interfaces support both languages.

The trend of hackers successfully infiltrating legitimate app stores is concerning. Hebeisen aptly pointed out the recurring success of North Korean threat actors in getting their malicious apps onto official platforms. This highlights an ongoing challenge for cybersecurity firms and tech companies alike. Users must remain vigilant and cautious about the apps they choose to download.

For more in-depth information about spyware and its implications, refer to Lookout's findings.
