A group of cybercriminals known as APT37 and linked to the North Korean government He loaded a ‘android spy software called Kospy in different fraudulent applications available In the official Google Play Store store store.
Investigators of the Laboratory of Threats of the cybersecurity firm Lookout have discovered a Surveillance tool that uses false applicationsas security administrators and security services, to infect mobile devices.
At the beginning of these ‘apps’, which have basic interfaces, the ‘software’ Kospy software begins, aimed at Korean and English -speaking users, because the texts and text input fields of these applications appeared in these languages.
Security analysts have attributed this malicious campaign to the North Korean government and the Apt Scrush group (known as APT37). This cyberspage group sponsored by the state of North Korea has been active since 2012.
Although it points mainly to South Korea, it has also carried out operations in countries such as Japan, Vietnam, Russia, Nepal, China, India, Kuwait, Romania and several nations of the Middle East, as indicated in a publication of their blog.
The researchers have indicated that the ‘Spyware’ distributed by this group on the Play Store Applications Platform and the cloud service for the development of web and mobile Firebase began to move in March 2022. The most recent samples date from March last year.
They have also confirmed that all the false applications used as lures -traded as ‘File Administrator’, ‘Kakao Security’ and ‘Software update utility’ utility They have been eliminated from Google Play and that Google has deactivated the associated Firebase projects.
From lookout they have also pointed out that all these applications were accredited to a developer identified as Android Utility Developer, with email ‘mlyqwl@gmail.com’. Some of these services were even warned in the Apkpure third party application store.
#Thousands #devices #affected #spy #Korean #Kospy #origin #Android #mobile #origin
