The cybersecurity lookout company just observed some malware in the google play store. Some North Korean hacker groups uploaded malicious spyware in the play store.
Basically it is a cluster of campaigns where different samples of spyware are seen. The malware has the name of KoSpy. The cyber security company verifies that this is definitely North Korean spyware.
Among the several apps there was one app in the android store. People downloaded it 10 times. In the google play the app has a cached data screenshot.
North Korean hackers are in the news almost all the time. From stealing billions of worth of ethereum to the theft of crypto currency. Basically the plan is to give benefit to the nuclear plans of North korea.
However this spyware operation looks more like a simple lookout. Basically it was there to target a specific set of people. Where it targets the information from text messages, call history, files and pictures as well as location of the device. Moreover the spyware also looks for wifi networking areas and apps of the phone.
The spyware can also take pictures with the camera and screenshots of the device. To gain access to initial data the KOspy also takes help from firestore. A google cloud system which helps store or retrieve stolen files.
Google always removes malicious and doubtful apps when necessary. According to Ed Fernandez (the spokesperson of google) . The tech company always shields its users from such apps.
Overall this app is trying to gain something. It is using the inner structure of North Korean technology. These malwares can easily get into the app store and mobile. The person cannot even notice.
This should stop and authority parties should take serious action on it.
The lookout does not have information on the persons who are targeted. Because the information is not clear yet. Moreover, lookout also found that the apps include some Korean names. The titles also go in korean. Now we know Koreans can also speak English easily.
This was mainly a high time hacking campaign. According to lookout this campaign was for south koreans. But nothing is clear yet.
A third party apk pure also suspects the malicious activity. Lookout company wanted to search for it too. But apparently they did not receive any email.
Conclusion
So in the long run the spyware app is not a good one. To the small users this may seem insignificant but we should beware of such apps. Do not agree to anything when you install apps. Make sure to read and double check everything before installing. This might save you from a lot of hassle one day.
