The researchers discovered many Android applications, some of which are available in Google Play after passing the company’s security examination, which was hidden in the user sensitive information to the spies working in the North Korean government.
Samples of harmful programs – named KOSPY by Lookout, the safety company that you discovered – a pipe as interest applications for file management, application applications, operating system and device security. Behind the facades, applications can collect a variety of information including SMS messages, call records, site, files, near sound, screen clips and send them to the servers dominated by North Korean intelligence staff. Applications target English and Korean speakers, and they were at least available in Android applications markets, including Google Play.
Think twice before installation
Surveillance programs are denied as five different applications:
- Phone manager
- File manager
- Smart manager
- Cocoa Security and
- Program update tool
Besides playing, applications were also available in the APKPure market of an external party. The following image shows how one of the applications appeared in playing.
The picture shows that the developer’s email address was Mlyqwl@Gmail[.]com and the application policy for the application is located in https: //goldensnakeblog.blogspot[.]com/2023/02/privacy-policy.html.
“I can confidence in providing us with your personal information, and therefore we are striving to use commercially acceptable means to protect them,” according to the page. “But remember that there is no way to send online, or the 100 % secure electronic storage method, and I cannot guarantee its absolute safety.”
The page, which has been available at the time of this post on ARS, has no reports of slag in the total virus. On the contrary, IP addresses, which hosted at least three areas, hosted at least three areas known since 2019 to host the infrastructure used in North Korea spy operations.