img

Google has removed several applications from the Play Store after security experts identified them as carriers of KoSpy spyware. The malware, associated with the North Korean hacking group APT37 (ScarCruft), has the ability to steal sensitive user information, including call logs, SMS messages, and device location. Security researchers from Lookout have been tracking the spyware since early 2022.

Affected Apps and Security Risks

The KoSpy malware was embedded in fake utility applications, including:

  • Phone Manager
  • File Manager
  • Smart Manager
  • Kakao Security
  • Software Update Utility

Although these applications have been removed from the Play Store, they may still exist on some devices or be available via third-party app stores. The spyware possesses a wide range of intrusive capabilities, such as:

  • Collecting SMS messages and call logs
  • Tracking real-time device location
  • Gaining access to stored files and folders
  • Recording audio and taking unauthorized photos
  • Capturing screenshots and logging keystrokes
  • Gathering Wi-Fi network details

Other Malware-Linked App Removals

In addition to removing apps infected with KoSpy spyware, Google has also deleted 180 apps involved in an ad fraud operation. Furthermore, applications carrying the Anatsa/Teabot trojan, a banking malware that steals financial credentials, have also been taken down.

Although these harmful applications are no longer available for new downloads, users who previously installed them remain at risk.

How to Protect Your Device

To ensure your device is secure, follow these safety measures:

 Uninstall malicious apps – Immediately delete any flagged applications from your device.

 Enable Google Play Protect – This built-in security feature scans apps for malware and blocks harmful software.

 Avoid third-party app stores – Download applications only from trusted sources like the Google Play Store.

 Keep your device updated – Install the latest software updates and security patches to protect against emerging threats.

 Review app permissions – Regularly check app permissions and revoke access to unnecessary features.

Google’s Response to KoSpy Spyware Threat

Google has confirmed to Forbes that Play Protect safeguards Android users from known versions of KoSpy spyware. However, as Google enhances Play Protect to support easier sideloading of applications, users should remain vigilant and only install apps from trusted developers and official sources.

If you discover any of the removed apps on your device, it is strongly recommended to delete them immediately to prevent potential data theft.


Read More: Oppo F29 5G: New Smartphone Lineup with Enhanced Durability and Performance

KoSpy spyware Play Store malware Google app removal APT37 hacking group Android security spyware removal