A hacker group allegedly linked to the North Korean government has placed several malicious Android apps on Google Play and tricked some of the platform’s users into installing the infected software, according to cybersecurity firm Lookout.


The campaign included several samples of the KoSpy malware, at least one of which was downloaded more than a dozen times, according to a screenshot from the Google Play store. North Korean hackers often use their skills to steal money, experts say, but in this case their goal is to collect data: KoSpy is a spy app. It collects “a huge amount of sensitive information,” including SMS messages, call logs, device location data, files on the device, keyboard input, Wi-Fi network information, and lists of installed apps. KoSpy also records audio, takes photos with the device's cameras, and captures screenshots. It used the Firestore cloud database on Google Cloud infrastructure to obtain “initial configurations.”

Lookout reported its findings to Google, after which the Firebase projects were deactivated, the KoSpy apps were removed, and the malware itself was added to the automatic detection system. Lookout experts also found some KoSpy apps in the alternative APKPure app store, but its administration did not confirm that the cybersecurity experts had contacted it. The alleged victims of the campaign are people from South Korea: some of the infected apps discovered had Korean names, as well as interfaces in Korean and English. The apps' code contained references to domain names and IP addresses previously associated with other malware campaigns that were blamed on hackers from the DPRK.

Published by
admin
