Google Eliminates KoSpy-Spyware-Infected Apps from Play Store

Google has taken action against multiple malicious apps found to contain the KoSpy spyware, removing them from the Google Play Store to prevent further infections. Cybersecurity experts warn that these apps can steal sensitive user data, and anyone who has downloaded them should delete them immediately.

The KoSpy malware is linked to the North Korean hacking group APT37 (ScarCruft), known for cyber espionage activities. Security researchers from Lookout identified that KoSpy has been active since early 2022, compromising Android devices and collecting confidential information.

Apps Affected and Potential Risks

The malicious spyware was found in fake utility apps that disguised themselves as system tools. The infected apps include:

Phone Manager
File Manager
Smart Manager
Kakao Security
Software Update Utility

Although these apps have been removed from the Play Store, users who installed them earlier may still have them on their devices or might find them on third-party app stores, making it essential to manually delete them.

The KoSpy spyware is highly dangerous, as it grants hackers access to a wide range of personal data, including:

✔ Reading SMS messages and call logs
✔ Tracking real-time device location
✔ Accessing and modifying files and folders
✔ Recording audio and taking photos using the device camera
✔ Capturing screenshots and logging keystrokes
✔ Stealing Wi-Fi network details for potential security breaches

Google Also Removes 180 Apps Involved in Ad Fraud & Banking Malware

The KoSpy spyware is not the only cyber threat Google has recently tackled. The company has also removed 180 apps that were part of a large-scale ad fraud scheme and apps that contained banking trojans such as Anatsa (Teabot).

The ad fraud apps were designed to generate fake ad revenue while draining users’ device resources.
Anatsa/Teabot trojan-infected apps posed a serious financial risk, as they aimed to steal banking credentials and intercept transactions.
Even though these apps have been deleted from the Google Play Store, users who had previously installed them remain at risk unless they manually remove them from their devices.

How to Protect Your Device from Spyware & Malware

Google has urged users to take immediate steps to protect their devices. Follow these key security practices to stay safe:

1. Delete Any Infected Apps Immediately

If you have downloaded any of the identified malicious apps, uninstall them right away.
Go to Settings > Apps and look for suspicious apps that you don’t remember installing.

2. Enable Google Play Protect

Google Play Protect is Android’s built-in security feature that regularly scans for harmful apps.
To activate it: Open Play Store > Tap on Profile Icon > Play Protect > Enable Scan Device for Security Threats.

3. Avoid Third-Party App Stores

Many malicious apps bypass Google’s security checks by being distributed through third-party websites.
Only download apps from trusted sources like the Google Play Store and official company websites.

4. Regularly Update Your Device & Apps

Keep your Android OS and apps updated to ensure you receive the latest security patches.
Hackers often exploit vulnerabilities in outdated software, making timely updates essential.

5. Check App Permissions Carefully

Some apps request unnecessary permissions that could allow spyware to collect personal data.
Go to Settings > Apps & Notifications > App Permissions and revoke any excessive permissions granted to untrusted apps.

Google’s Response: Strengthening Security Measures

In response to the latest spyware discovery, Google confirmed to Forbes that Play Protect safeguards Android users from known versions of this malware. However, as Google makes sideloading apps easier, users should be extra cautious when installing apps outside the Play Store.

Cybersecurity analysts advise that users should proactively monitor their devices for any unusual activity and remove any flagged applications immediately.