The apps were no longer on Google Play, per Lookout [File]
| Photo Credit: REUTERS
Multiple apps on the Google Play Store that targeted English and Korean-language speakers were actually collecting sensitive user information and technical data to send to North Korean agents.
The malware and spyware in the affected apps was discovered by a security company called Lookout.
The presence of the apps on the Google Play Store raises red flags as it means the malware/spyware had passed Google’s security procedures for vetting app store applications.
The following apps – 휴대폰 관리자 (Phone Manager), File Manager, 스마트 관리자 (Smart Manager), 카카오 보안 (Kakao Security), and Software Update Utility – were named as containing surveillance-ware.
The user information that was at risk from the apps included SMS messages, call logs, device locations, files and folders in local storage, camera data and controls, the user’s on-screen activity, key strokes, installed apps, and network information.
The apps were no longer on Google Play, per Lookout.
“The spyware, attributed with medium confidence to the North Korean APT group ScarCruft (also known as APT37), is a relatively new family with early samples going back to March 2022. The most recent samples were acquired in March 2024,” noted Lookout security intelligence engineer Alemdar Islamoglu.
Users downloading apps to help manage their files and phone security have been advised to make sure they download offerings from trusted app marketplaces, and opt for trusted developers.
Even on these platforms, however, users should check app permissions and shared data as well as reviews, to make sure that the mentioned services are not a scam.
Published – March 13, 2025 12:14 pm IST
