🔍 Summary:
North Korean hackers have successfully infiltrated the Google Play Store with a spyware app called KoSpy, which cybersecurity firm Lookout attributes to the North Korean government with high confidence. The app, which was downloaded more than 10 times before being removed, was part of a surveillance operation aimed at collecting extensive personal data from targeted individuals. This data includes text messages, call logs, location data, keystrokes, Wi-Fi details, and more. KoSpy could also record audio, take photos, and capture screenshots.
Lookout’s report, shared with TechCrunch, indicates that the spyware was part of a highly targeted campaign likely aimed at South Korean users, given the language support and app titles. The spyware utilized Firestore, a Google Cloud database, for retrieving initial configurations. Following Lookout’s report, Google removed the identified apps and deactivated related Firebase projects. Google confirmed that its Play Services automatically protect users from known versions of this malware.
The report also noted that some KoSpy apps were found on the third-party app store APKPure, though APKPure did not acknowledge receiving communication from Lookout. The developers behind the spyware did not respond to inquiries. The specific targets of the spyware remain unidentified, though they are believed to be highly specific individuals, possibly English or Korean speakers in South Korea.