Watch out for North Korean Spyware Apps on the Google Play Store
Android users should be vigilant about what they download from the Google Play Store, as security researchers have recently discovered a selection of apps containing North Korean spyware. The five affected apps appeared to be benign system utilities such as file managers, but once installed they could collect personal information such as SMS messages, call logs, and device location.
The spyware apps were identified by Lookout Threat Lab, which highlighted the following apps in both English and Korean: 휴대폰 관리자 (Phone Manager), File Manager, 스마트관리자 (Smart Manager), 카카오 보안 (Kakao Security), and Software Update Utility. These apps have since been removed from the Play Store by Google.
The apps used a new surveillance tool called KoSpy, thought to originate from a North Korean state-sponsored hacking group called ScarCruft or APT37. According to Lookout Threat Lab, "KoSpy is a new Android spyware attributed to the North Korean group APT37. It masquerades as utility apps and targets Korean and English speaking users."
"KoSpy can collect extensive data, such as SMS messages, call logs, location, files, audio, and screenshots via dynamically loaded plugins," the security researchers warned.
The affected apps did not work as advertised: some offered limited functionality through basic interfaces that opened the Android settings view, while others did not function at all and showed only a fake system window. However, once installed, the apps could download plugins and collect surveillance information.
The information the apps could gather included SMS messages, call logs, device location, and local files and folders. They could also capture screenshots and keystrokes, record audio, and take photos with the phone's cameras.
Now that the apps have been removed from the Play Store, it's not clear how many people may have downloaded them and been affected. However, it serves as a good reminder to check the sources and reputation of apps before downloading them and giving them access to your device.