Security researchers from Lookout have discovered that five apps on Google Play contain the North Korean spyware KoSpy.
The apps in question claim to be file managers, security tools and software updaters. Four of the apps offer at least some of the promised features, but when it comes to Kakao Security, only a fake system window is displayed.
Users who install the apps risk sensitive information being passed on to the North Korean hacker group APT 37 (also known as Scarcruft), Bleeping Computer reports. KoSpy can access information about a user in several ways:
- Recording keystrokes
- Intercepting SMS and call logs
- Tracking GPS location in real time
- Reading files in local storage
- Recording audio via the phone’s microphone
- Taking photos and video
- Taking screenshots of the device display
According to a Google spokesperson, all of the targeted apps have now been removed from Google Play, but if you’ve recently downloaded a Korean-English app to manage files, you might want to check it’s safe to use.
This article originally appeared on our sister publication M3 and was translated and adapted from Swedish.
