North Korean Spyware Disguised as Android Apps Found on Google Play
Researchers uncovered malware-laden apps linked to North Korean hackers, targeting English and Korean speakers through Google Play and third-party platforms.
- Security researchers identified spyware, named KoSpy, embedded in apps posing as file managers, security tools, and software updaters.
- The apps, linked to North Korean threat group APT37, were available on Google Play and APKPure and targeted English- and Korean-speaking users.
- KoSpy collects sensitive user data, including SMS messages, call logs, GPS location, audio recordings, screenshots, and keystrokes.
- Google has removed the identified apps and deactivated related Firebase projects, but affected users must manually uninstall the spyware.
- The campaign, active since 2022, appears to have targeted specific individuals, suggesting a focus on South Korean users.