North Korean KoSpy Malware Targets Google Play Users

News summary

Security researchers have uncovered the 'KoSpy' spyware, linked to the North Korean hacking group APT37, which infiltrated Google's Play Store and the third-party app store APKPure through at least five malicious apps. Disguised as utility apps, KoSpy secretly collected sensitive data, such as SMS messages, call logs, and screenshots, and targeted English- and Korean-speaking users. The spyware leveraged Firebase Firestore and hardcoded AES keys for data exfiltration to North Korean-controlled servers. Google's Play Protect was able to detect the malware and warn users about it, and the apps have since been removed from the app stores. Despite the low number of downloads, the campaign is believed to have specifically targeted individuals in South Korea. The spyware campaign has been active since March 2022, with the latest sample found in March 2024, although the command-and-control servers are currently inactive.
