New North Korean Android spyware slips onto Google Play
Published on: 2025-10-27 11:35:10
A new Android spyware named 'KoSpy' is linked to North Korean threat actors who have infiltrated Google Play and third-party app store APKPure through at least five malicious apps.
According to Lookout researchers, the spyware is attributed to the North Korean threat group APT37 (aka 'ScarCruft'). The campaign has been active since March 2022, and newer samples indicate that the threat actors are actively developing the malware.
The spyware campaign primarily targets Korean- and English-speaking users by disguising itself as file managers, security tools, and software updaters.
The five apps Lookout identified are 휴대폰 관리자 (Phone Manager), File Manager (com.file.exploer), 스마트 관리자 (Smart Manager), 카카오 보안 (Kakao Security), and Software Update Utility.
[Image: Malicious app on Google Play. Source: Lookout]
The malicious apps offer at least some of the promised functionality but load the KoSpy spyware in the background.
The only exception is Kakao Security, which only displays a fake system window whil