North Korean Spyware Apps Removed from Google Play After Security Breach
Google Play Store hosted spyware-laden apps linked to North Korean hacking groups, exposing sensitive user data before their removal.
- Security researchers discovered spyware apps, named KoSpy, on Google Play and the third-party store APKPure, targeting English and Korean speakers.
- The spyware, attributed to North Korean hacking group APT37 (ScarCruft), has been active since at least March 2022, with links to another group, APT43.
- KoSpy disguised itself as utility apps like 'File Manager' and 'Kakao Security,' collecting data such as SMS messages, call logs, GPS location, and more.
- Google has removed the identified apps and associated Firebase projects, and recommends that users enable Play Protect to block known threats.
- Experts warn users to uninstall these apps manually and avoid sideloading apps from unverified sources to prevent further infections.