A hacker group allegedly linked to the North Korean government has placed several malicious Android apps on Google Play and tricked some of the platform’s users into installing the infected software, according to cybersecurity firm Lookout.

Image source: lookout.com

The campaign included several samples of the KoSpy malware, at least one of which was downloaded more than a dozen times, according to a screenshot from the Google Play store. The North Korean hackers often use their skills to steal money, experts say, but in this case, their goal is to collect data — KoSpy is a spy app. It collects “a huge amount of sensitive information,” including SMS messages, call logs, device location data, files on the device, keyboard input, Wi-Fi network information, and lists of installed apps. KoSpy records audio, takes photos with cameras, and takes screenshots. It used the Firestore cloud database on Google Cloud infrastructure to obtain “initial configurations.”

Lookout reported its findings to Google, after which Firebase projects were deactivated, KoSpy apps were removed, and the malware itself was added to the automatic detection system. Lookout experts found some KoSpy apps in the alternative APKPure app store, but its administration did not confirm the fact of the cybersecurity experts’ appeal. The alleged victims of the campaign are people from South Korea – some of the infected apps discovered had Korean names, as well as interfaces in Korean and English. References to domain names and IP addresses previously associated with other malware campaigns, for which hackers from the DPRK were accused, were found in the code of the apps.

admin

Share
Published by
admin

Recent Posts

Blue Ghost captures ‘diamond ring’ during solar eclipse

The Blue Ghost lunar lander, developed by Texas-based Firefly Aerospace, captured a rare astronomical phenomenon…

9 hours ago

Intel’s New CEO Could Earn Up to $69 Million in Coming Years

Intel, which nominally got a new CEO this week, traditionally published a report for US…

10 hours ago

Valve Celebrates Steam Deck and SteamOS Success, Hints at New Horizons in 2025

Valve has released a massive 2024 report summing up its performance. The document covers a…

10 hours ago

Intel Begins Manufacturing Products Using Advanced 18A Technology in Arizona

Late last month, Intel officially announced its readiness to provide finished digital designs of products…

12 hours ago

Amazon, Meta and Google to help triple global nuclear capacity by 2050

A consortium of major energy consumers, including Amazon, Meta✴ and Google, has set a goal…

12 hours ago

Intel shares jump nearly 15% after new CEO appointment

Intel has been without a CEO for more than three months, but this week it…

12 hours ago