Cybersecurity company Lookout revealed that a hacker group connected to North Korea managed to upload a complex spyware targeting Android devices to the Google Play Store and have it downloaded by some individuals. According to technical analyses conducted, the mentioned spyware is referred to as “KoSpy.” Cybersecurity researchers believe that this software was developed by a state-sponsored group and aims to collect data from specific target audiences. The release of the software in the store environment is seen as an indication of how advanced and sophisticated the social engineering and security vulnerability exploitation techniques used by cyber attackers have become.

KoSpy is said to combine various advanced spyware functions. According to Lookout, the software has the capability to access the SMS messages, call logs, contacts, location information, and file system of the device it’s installed on. KoSpy can also activate the device’s camera and microphone without the user’s knowledge, allowing for audio and video recordings to be made and detailed information about the target’s daily life to be obtained. It is emphasized that the software can operate unnoticed for a long time by using minimal system resources.

According to the security company that detected the malicious software, hackers likely targeted individuals living in South Korea who speak English and Korean. It was revealed that the spyware used domain names and IP addresses previously utilized by North Korean hacker groups APT37 and APT43.

Google Spokesperson Ed Fernandez, speaking on the matter, stated that Lookout shared their report with them and that all applications using similar infrastructures have been removed from the Play Store. Fernandez emphasized that they have taken all necessary measures to protect users from cyber threats, stating, “Google Play automatically protects its users from all known versions of this malicious software on Android devices.” The KoSpy incident provides important clues about the evolution of cyber attacks. The methods used by hackers are becoming increasingly sophisticated. Cybersecurity experts warn users not to download apps from unknown stores and developers. Furthermore, it is stressed that using the most up-to-date versions of device operating systems is important for protection against cyber threats.