CyberSecurityBoard
Sponsor Register Login

New North Korean Android spyware slips onto Google Play

A new Android spyware named 'KoSpy' is linked to North Korean threat actors who have infiltrated Google Play and third-party app store APKPure through at least five malicious apps. The five apps Lookout identified are 휴대폰 관리자 (Phone Manager), File Manager (com.file.exploer), 스마트 관리자 (Smart Manager), 카카오 보안 (Kakao Security), and Software Update Utility. Although the spyware apps have now been removed from both Google Play and APKPure, users will need to manually uninstall them and scan them with security tools to uproot any remnants of the infection from their devices. A Google spokesperson confirmed to BleepingComputer that all the KoSpy apps identified by Lookout have been removed from Google Play and that the corresponding Firebase projects have also been taken down. The campaign was attributed to APT37 based on IP addresses previously linked to North Korean operations, domains that facilitated the distribution of Konni malware, and infrastructure that overlaps with APT43, another DPRK-sponsored threat group. Google Play Protect is also able to block known malicious apps, so enabling it on up-to-date Android devices can help protect against KoSpy. Before any user installations, the latest malware sample discovered in March 2024 was removed from Google Play," Google told BleepingComputer.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Wed, 12 Mar 2025 17:35:20 +0000


Cyber News related to New North Korean Android spyware slips onto Google Play

Moonstone Sleet emerges as new North Korean threat actor with new bag of tricks - Microsoft has identified a new North Korean threat actor, now tracked as Moonstone Sleet, that uses both a combination of many tried-and-true techniques used by other North Korean threat actors and unique attack methodologies to target companies for ...
9 months ago Microsoft.com
Citizen Lab details ongoing battle against spyware vendors - Citizen Lab senior researcher Bill Marczak said that while the organization has achieved some important wins against spyware proliferation, the progress is inevitably hindered by vendors that continually adapt their technologies and practices. The ...
1 year ago Techtarget.com
North Korea's state hackers stole $3 billion in crypto since 2017 - North Korean-backed state hackers have stolen an estimated $3 billion in a long string of hacks targeting the cryptocurrency industry over the last six years since January 2017. Kimsuky, Lazarus Group, Andariel, and other North Korean hacking groups ...
1 year ago Bleepingcomputer.com Andariel Kimsuky Lazarus Group
The Limitations of Google Play Integrity API - This overview outlines the history and use of Google Play Integrity API and highlights some limitations. We also compare and contrast Google Play Integrity API with the comprehensive mobile security offered by Approov. Google provides app attestation ...
1 year ago Securityboulevard.com
Spyware isn't going anywhere, and neither are its tactics - The illegal use of spyware to target high-profile or at-risk individuals is a global problem, as highlighted by this article from The Register that Talos' Nick Biasini just contributed to. As we've written about, many Private Sector Offensive Actors ...
1 year ago Blog.talosintelligence.com CVE-2024-23222
Intellexa and Cytrox: From fixer-upper to Intel Agency-grade spyware - Cisco Talos has a new, in-depth analysis of timelines, operating paradigms and procedures adopted by spyware vendor Intellexa. Talos' analysis revealed that rebooting an iOS or Android device may not always remove the Predator spyware produced by ...
1 year ago Blog.talosintelligence.com
New North Korean Android spyware slips onto Google Play - A new Android spyware named 'KoSpy' is linked to North Korean threat actors who have infiltrated Google Play and third-party app store APKPure through at least five malicious apps. The five apps Lookout identified ...
3 hours ago Bleepingcomputer.com APT3 APT37
Google says spyware vendors behind most zero-days it discovers - Commercial spyware vendors were behind 80% of the zero-day vulnerabilities Google's Threat Analysis Group discovered in 2023 and used to spy on devices worldwide. Zero-day vulnerabilities are security flaws the vendors of impacted software do not ...
1 year ago Bleepingcomputer.com
Android 15, Google Play get new anti-malware and anti-fraud features - Today, Google announced new security features coming to Android 15 and Google Play that will help block scams, fraud, and malware apps on users' devices. Announced at Google I/O 2024, the new features are designed not only to help end users but also ...
9 months ago Bleepingcomputer.com
US Uses Visa Restrictions in Struggle Against Spyware - The United States will impose visa restrictions on foreign individuals who have been involving the misuse of spyware, the latest effort by the Biden Administration to address the dangers of the commercial software that often is used by governments ...
1 year ago Securityboulevard.com
North Korean Hackers Use Fake Job Offers & Salary Bumps as Lure for Crypto Theft - Recent investigations have uncovered a massive operation carried out by North Korean hackers looking to steal cryptocurrency through fake job offers and salary bumps. According to recent reports, hackers have been able to trace the malicious ...
2 years ago Therecord.media
Intellexa Spyware Adds Persistence with iOS or Android Device - In the shadowy realm of commercial spyware, the spotlight turns to the notorious Intellexa spyware and its Predator/Alien solution, as dissected by Cisco Talos in their comprehensive May 2023 report. This expose navigates the labyrinthine intricacies ...
1 year ago Gbhackers.com
macOS Malware Mix & Match: North Korean APTs Stir Up Fresh Attacks - North Korean advanced persistent threat groups are mixing and matching components of two recently unleashed types of Mac-targeted malware to evade detection and fly under the radar as they continue their efforts to conduct operations at the behest of ...
1 year ago Darkreading.com
North Korean Hackers Utilizing Credential Stuffing to Launch Cyberattacks - In an alarming new report, researchers found that North Korean-linked hackers have been using stolen passwords during cyberattacks to gain access to various government, military and financial networks. According to security experts, the creative ...
2 years ago Thehackernews.com
US govt sanctions North Korea's Kimsuky hacking group - The Treasury Department's Office of Foreign Assets Control has sanctioned the North Korean-backed Kimsuky hacking group for stealing intelligence in support of the country's strategic goals. OFAC has also sanctioned eight North Korean agents for ...
1 year ago Bleepingcomputer.com Andariel Kimsuky
Woman Accused of Helping North Korean IT Workers Infiltrate Hundreds of US Firms - The US government has announced charges, seizures, arrests and rewards as part of an effort to disrupt a scheme in which North Korean IT workers infiltrated hundreds of companies and earned millions of dollars for North Korea. According to the ...
9 months ago Securityweek.com
North Korea's Kimsuky Attacks Rivals' Trusted Platforms - North Korea-linked threat groups are increasingly using living-off-the-land (LotL) techniques and trusted services to evade detection, with a recent Kimsuky campaign showcasing the use of PowerShell scripts and storing data in Dropbox folders, along ...
3 weeks ago Darkreading.com Andariel Kimsuky
US announces visa ban on those linked to commercial spyware - Secretary of State Antony J. Blinken announced today a new visa restriction policy that will enable the Department of State to ban those linked to commercial spyware from entering the United States. As part of this effort, the Biden Administration ...
1 year ago Bleepingcomputer.com
ICE Signs $2 Million Contract With Spyware Maker Paragon Solutions | WIRED - Measures have included placing spyware vendors like NSO Group and Intellexa on the so-called Entity List to prevent any US companies from doing business with them; enacting a visa restriction policy against multiple individuals “who have been ...
5 months ago Wired.com
Is Your Organization Infected by Mobile Spyware? - The surge in mobile device usage within organizations has inevitably opened the floodgates to a new kind of cyber threat-mobile spyware. The growing dependence on mobile technology has made it imperative for organizations to recognize and mitigate ...
1 year ago Blog.checkpoint.com
Google promises a rescue patch for Android 14's "ransomware" bug - So Android 14 has this pretty horrible storage bug for upgrading users. Bugs are always going to happen, but the big problem with this is that Google has seemingly been ignoring it, and on Friday we wrote about how users have been piling up hundreds ...
1 year ago Arstechnica.com
What is Spyware? How It Works and How to Protect Yourself Against It - Spyware is a type of malicious software that is designed to collect sensitive data from victims without their knowledge or consent. It is typically installed on computers without the user’s knowledge or consent, and collects sensitive information ...
2 years ago Heimdalsecurity.com
More Android apps riddled with malware spotted on Google Play - An Android remote access trojan known as VajraSpy was found in 12 malicious applications, six of which were available on Google Play from April 1, 2021, through September 10, 2023. The malicious apps, which have now been removed from Google Play but ...
1 year ago Bleepingcomputer.com Patchwork
Experts from the United Nations Report North Korean Hackers Have Taken a Large Amount of Digital Assets - Last year, North Korean hackers working for the government stole a record-breaking amount of virtual assets estimated to be worth between $630 million and more than $1 billion, according to a new report from U.N. experts. The panel of experts said ...
2 years ago Securityweek.com Andariel Kimsuky Lazarus Group Rocke
FBI Charges North Korean Hackers Over $100 Million Stolen in Crypto Hack - The FBI has recently charged a North Korean hacker in connection with the Harmony crypto hack from which the hacker allegedly stole over $100 million. The hacker, Jon Chang Hyok, is a member of the North Korean military intelligence agency, the ...
2 years ago Bleepingcomputer.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)