Suspected North Korean Hackers Infiltrate Google Play With 'KoSpy' Spyware
Newly discovered spyware, possibly from a North Korean hacking group, was found circulating on the Google Play Store.
The spyware programs, dubbed "KoSpy," were masquerading as utility apps. But once installed, they secretly collected a wide range of data from Android devices, including SMS messages and screenshots, according to cybersecurity vendor Lookout Mobile Security.
Lookout says it has "medium confidence" that KoSpy is linked to North Korean hacking groups such as APT37, which has often focused on cyber espionage.
KoSpy targets apps that are in Korean and English. It infiltrated Google Play as an app called "File Manager - Android." Google has since removed the app, which only attracted about 10 downloads.
"The use of regional language suggests this was intended as targeted malware," a Google spokesperson tells us. "Before any user installations, the latest malware sample discovered in March 2024 was removed from Google Play. Google Play Protect automatically protects Android users from known versions of this malware on devices with Google Play Services, even when apps come from sources outside of Play."
In total, Lookout found KoSpy using five different names: 휴대폰 관리자 (Phone Manager), File Manager, 스마트 관리자 (Smart Manager), 카카오 보안 (Kakao Security), and Software Update Utility. The malicious apps usually feature a basic interface that can access an Android phone's internal settings. In other cases, the fake apps merely display a dummy system window asking for device permissions.
The spyware secretly communicates with a hacker-controlled server before downloading various plugins designed to snoop on and collect data from the Android device. In addition, the spyware can configure itself to display messages to the user in Korean or English.
Although the spyware dates back to at least March 2022, the most recently recovered sample was collected in March 2024. The command and control servers for the spyware were also found to be inactive, so KoSpy may be retired.
"Some of the samples of KoSpy were available for download from the Google Play Store alongside the third-party app store Apkpure. However, no app is currently publicly available on Google Play Store," Lookout says.
Google confirms that all of the apps identified were removed from Google Play. Their Firebase projects were also taken down.
Lookout also attributed KoSpy to APT37 since one of the domains that the spyware reaches out to resolves to an IP address in South Korea that's been associated with hacking activities from APT37 and another North Korean hacking group, APT43.
"North Korean threat actors are known to have overlapping infrastructure, targeting, and TTPs (tactics, techniques, and procedures), which makes attribution to a specific actor more difficult," Lookout says.
