CyberSecurity news


info@thehackernews.com (The Hacker News) //
North Korea-linked APT group ScarCruft has been identified deploying a new Android spyware dubbed KoSpy, targeting Korean and English-speaking users. The spyware was distributed through fake utility apps on the Google Play Store and third-party app stores like APKPure. At least five malicious applications, masquerading as File Manager, Phone Manager, Smart Manager, Software Update Utility, and Kakao Security, were used to trick users into installing the spyware onto their devices.

The malicious apps offer the promised functionality to avoid raising suspicion while stealthily deploying spyware-related components in the background. The spyware is designed to collect a wide range of data from compromised devices, including SMS messages, call logs, device location, files in local storage, screenshots, keystrokes, Wi-Fi network information, and the list of installed applications. It's also equipped to record audio and take photos. The apps have since been removed from the app marketplace.


References:
  • infosec.exchange: NEW: North Korean government hackers snuck spyware onto the official Android app store, and tricked a few people to download it, according to Lookout.
  • techcrunch.com: North Korean government hackers snuck spyware on Android app store
  • The DefendOps Diaries: KoSpy: Unmasking the North Korean Spyware Threat
  • PCMag UK security: Suspected North Korean Hackers Infiltrate Google Play With 'KoSpy' Spyware
  • BleepingComputer: New North Korean Android spyware slips onto Google Play
  • bsky.app: A new Android spyware named 'KoSpy' is linked to North Korean threat actors who have infiltrated Google Play and third-party app store APKPure through at least five malicious apps. https://www.bleepingcomputer.com/news/security/new-north-korean-android-spyware-slips-onto-google-play/
  • The Record: A North Korean nation-state group tracked as APT37 or ScarCruft placed infected utilities in Android app stores as part of an espionage campaign, according to researchers
  • www.scworld.com: Android spyware ‘KoSpy’ spread by suspected North Korean APT
  • securityaffairs.com: North Korea-linked APT group ScarCruft spotted using new Android spyware KoSpy
  • bsky.app: A new Android spyware named 'KoSpy' is linked to North Korean threat actors who have infiltrated Google Play and third-party app store APKPure through at least five malicious apps.
  • The Hacker News: The North Korea-linked threat actor known as ScarCruft is said to have been behind a never-before-seen Android surveillance tool named KoSpy targeting Korean and English-speaking users.
  • securityonline.info: North Korea’s APT ScarCruft Places Spyware on Google Play
  • securityaffairs.com: North Korea-linked APT group ScarCruft used a new Android spyware dubbed KoSpy to target Korean and English-speaking users.
  • Secure Bulletin: New Android spyware “KoSpy” linked to North Korean APT37
  • securityonline.info: North Korean ScarCruft APT Targets Users with Novel KoSpy Android Spyware
  • Carly Page: North Korean-linked hackers uploaded Android spyware to Google Play. The spyware, which collects an “extensive amount” of sensitive data, was downloaded more than 10 times before Google removed it, according to Lookout
Classification:
  • HashTags: #Android #KoSpy #ScarCruft
  • Company: Google
  • Target: Korean and English-speaking users
  • Attacker: ScarCruft
  • Product: KoSpy
  • Feature: Android Spyware
  • Malware: KoSpy
  • Type: Malware
  • Severity: Major