Home Videos Android apps laced with North Korean spyware found in Google Play

Android apps laced with North Korean spyware found in Google Play

Mar 12, 2025 comments off
Android apps laced with North Korean spyware found in Google Play

As an Amazon Associate I earn from qualifying purchases.

Woodworking Plans Banner

Scientists have actually found several Android apps, some that were readily available in Google Play after passing the business’s security vetting, that surreptitiously submitted delicate user details to spies working for the North Korean federal government.

Samples of the malware– called KoSpy by Lookout, the security company that found it– masquerade as energy apps for handling files, app or OS updates, and gadget security. Behind the user interfaces, the apps can gather a range of info consisting of SMS messages, call logs, place, files, close-by audio, and screenshots and send them to servers managed by North Korean intelligence workers. The apps target English language and Korean language speakers and have actually been readily available in a minimum of 2 Android app markets, consisting of Google Play.

Reconsider before setting up

The surveillanceware masquerades as the following 5 various apps:

  • 휴대폰 관리자 (Phone Manager)
  • Submit Manager
  • 스마트 관리자 (Smart Manager)
  • 카카오 보안 (Kakao Security) and
  • Software Application Update Utility

Play, the apps have actually likewise been readily available in the third-party Apkpure market. The following image demonstrates how one such app appeared in Play.

Credit: Lookout

The image reveals that the designer e-mail address was mlyqwl@gmail[.]com and the personal privacy policy page for the app lay at https://goldensnakeblog.blogspot[.]com/2023/02/ privacy-policy. html.

“I value your rely on offering us your Personal Information, hence we are making every effort to utilize commercially appropriate ways of securing it,” the page states. “But bear in mind that no approach of transmission online, or technique of electronic storage is 100% safe and trusted, and I can not ensure its outright security.”

The page, which stayed readily available at the time this post went live on Ars, has no reports of malice on Virus Total. By contrast, IP addresses hosting the command-and-control servers have actually formerly hosted a minimum of 3 domains that have actually been understood given that a minimum of 2019 to host facilities utilized in North Korean spy operations.

Find out more

As an Amazon Associate I earn from qualifying purchases.

You May Also Like

New Fossils Reveal Diverse Terrestrial Ecosystem 75,000 Years after End-Permian Mass Extinction

New Fossils Reveal Diverse Terrestrial Ecosystem 75,000 Years after End-Permian Mass Extinction

Sporadic Radio Pulses Traced to White Dwarf-Red-Dwarf Binary System

Sporadic Radio Pulses Traced to White Dwarf-Red-Dwarf Binary System

200-Million-Year-Old Three-Toed Dinosaur Footprints Discovered in Australia

200-Million-Year-Old Three-Toed Dinosaur Footprints Discovered in Australia

Epigenetic ‘scars’ of trauma pass through generations, study of Syrian refugees finds

Epigenetic ‘scars’ of trauma pass through generations, study of Syrian refugees finds

POLG diseases: Rare genetic conditions that starve cells of energy and afflicted the late Prince of Luxembourg

POLG diseases: Rare genetic conditions that starve cells of energy and afflicted the late Prince of Luxembourg

No, that’s not a cosmic cone of shame—it’s NASA’s newest space telescope

No, that’s not a cosmic cone of shame—it’s NASA’s newest space telescope

About the Author: tech