Android apps laced with North Korean spyware found in Google Play
Summary
Security researchers have discovered multiple Android apps that stealthily extracted sensitive data and uploaded it to servers linked to North Korean hackers.
The Lookout security firm named the malware Kozpy and said it could capture screenshots, location data, SMS messages, call logs and audio from the phones of targeted users.
The apps have been available in the Google Play store and other Android markets, indicating a new avenue for state-sponsored cyber attacks.
In one example, the malware was embedded in an app called Phone Manager, which had been downloaded between 1,000 and 5,000 times.
On starting up, the app requested suspicious permissions, such as the ability to prevent the device from sleeping and to obscure the notification screen when new data is received.
These permissions would allow the app to siphon off data without alerting the user.