Tech News

Google deletes disguised ‘North Korean spy apps’ that steal texts, location and screenshots – see if you’ve got them now

GOOGLE has pulled down apps that experts warn were hiding North Korean “surveillance tool” that steals your texts, location, and even screenshots.

Security experts say that the dangerous spyware “masquerades as utility apps” – and has been secretly operating for at least three years.

4

Google has removed dangerous apps from its Play Store for Android phonesCredit: Getty
Screenshot of a fake Android app, "File Manager," on the Google Play Store, used to distribute KoSpy spyware.

Related Articles

4

The apps were concealing spyware that snooped on users, experts sayCredit: Lookout

The spyware is called KoSpy, and has been linked to a North Korean hacker group.

And it turned up in Android apps – including ones available to download from the official Google Play Store – according to security company Lookout.

Users would download a seemingly harmless app – like a file manager – which would secretly infect the device, then raid it for info.

“KoSpy can collect extensive data, such as SMS messages, call logs, location, files, audio, and screenshots,” said Lookout’s Alemdar Islamoglu.

Lookout warned that the apps would target users that speak either English or Korean.

And the attack only affects Android users – as the apps weren’t available on Apple’s App Store for iOS on iPhone.

After finding out about the apps, Google scrubbed them from its Android store.

“KoSpy has been observed using fake utility application lures, such as ‘File Manager’, ‘Software Update Utility’ and ‘Kakao Security’, to infect devices,” explained Islamoglu, an intelligence researcher at Lookout.

“The spyware leveraged the Google Play Store and Firebase Firestore to distribute the app and receive configuration data.

“All the apps mentioned in the report have been removed from Google Play.”

Deepfakes more ‘sophisticated’ and dangerous than ever as AI expert warns of six upgrades that let them trick your eyes

There were five apps listed as containing KoSpy, including:

  • Phone Manager
  • File Manager
  • Smart Manager
  • Kakao Security
  • Software Update utility

While Google can remove apps from the Play Store, it won’t always be able to delete them from your phone (unless you have Play Protect turned on).

So you may need to check your own device and uninstall the apps yourself if they’re on there.

North Korean flag flying against a blue sky.

4

The spyware has been linked to North Korea-affiliated hackersCredit: Getty

If you do have them, Google Play should automatically warn you that they’re on your phone.

In a statement given to TechCrunch, a Google spokesperson said: “All of the identified apps were removed from Play [and] Firebase projects deactivated.

“Google Play automatically protects users from known versions of this malware on Android devices with Google Play Services.”

KEEP YOUR ANDROID PHONE SAFE

Google has a handy feature called Play Protect designed to protect you from dangerous apps.

GOOGLE PLAY PROTECT – STAY PROTECTED!

photo illustration google play logo 979331084

Here’s what Google Play Protect does, according to Google…

  • It runs a safety check on apps from the Google Play Store before you download them.
  • It checks your device for potentially harmful apps from other sources. These harmful apps are sometimes called malware.
  • It warns you about potentially harmful apps.
  • It may deactivate or remove harmful apps from your device.
  • It warns you about detected apps that violate our Unwanted Software Policy by hiding or misrepresenting important information.
  • It sends you privacy alerts about apps that can get user permissions to access your personal information, violating our Developer Policy.
  • It may reset app permissions to protect your privacy on certain Android versions.
  • It may prevent an application from being installed that is unverified and uses sensitive device permissions that are commonly targeted by scammers to commit financial fraud. 

Picture Credit: Getty

It’s on by default, but you can check that it’s working by going into the Play Store > Profile > Play Protect > Settings, and then ensuring that Scan Apps With Play Protect is switched on.

If you’re downloading apps from outside of the Play Store, Google can still help.

Just go to Play Store > Profile > Play Protect > Settings > Improve Harmful App Detection and turn it on.

That will let Play Protect send unknown apps to Google automatically, to see if they’re dangerous.

Hooded figure sitting at a computer, working with code and a world map data visualization.

4

Cybercriminals often try to trick users into downloading dangerous apps by disguising them as legitimate downloadsCredit: Getty

If Play Protect finds a harmful app on your device, you’ll receive a notification.

You can then tap that and choose Uninstall to remove the app.

Read more on the Scottish Sun

It might also disable the app until you uninstall it yourself.

And Google Play Protect can also remove the app automatically.


Click Here For More Tech News

Photo of KSR

KSR

Hi there! I am the Founder of Cyber World Technologies. My skills include Android, Firebase, Python, PHP, and a lot more. If you have a project that you'd like me to work on, please let me know: contact@cyberworldtechnologies.co.in

Related Articles

How to watch Nvidia GTC 2025, including CEO Jensen Huang’s keynote

How to watch Nvidia GTC 2025, including CEO Jensen Huang’s keynote

March 13, 2025
Sonos has reportedly dropped one of its worst ideas

Sonos has reportedly dropped one of its worst ideas

March 13, 2025
Sky and Virgin viewers receive 15 brand new TV channels at no extra cost from major UK broadcaster

Sky and Virgin viewers receive 15 brand new TV channels at no extra cost from major UK broadcaster

March 13, 2025
The people in Elon Musk’s DOGE universe

The people in Elon Musk’s DOGE universe

March 13, 2025
Back to top button