Google Removes Spyware-Infested Apps from Play Store Amid Security Concerns

Google has confirmed the removal of multiple malicious apps from its Play Store after cybersecurity researchers uncovered a new spyware campaign linked to North Korean hackers.

The latest threat, identified as KoSpy malware, was exposed by cybersecurity firm Lookout, which attributed it to the APT37 (ScarCruft) hacking group. According to the report, KoSpy has been active since at least early 2022 and has been used to target English and Korean-speaking users. The malware is capable of stealing sensitive data, including SMS messages, call logs, device location, audio recordings, and screenshots.

Google has assured users that all newly identified spyware-laden apps have been removed from the Play Store. However, cybersecurity experts warn that these apps could still be available on third-party platforms.

Google’s Play Store Security Challenges

The Play Store has faced a series of security breaches in recent weeks. Google previously removed:

180 apps involved in an ad fraud scheme, which had accumulated 56 million downloads.
Anatsa (TeaBot) trojan, a dangerous banking malware.
Fake Play Store pages designed to deceive users into installing high-risk applications.
Despite these efforts, the persistence of malware threats raises concerns about the effectiveness of Google’s security measures. Some reports suggest that Google’s ability to prevent harmful spyware from infiltrating the Play Store remains inadequate.

How KoSpy Infects Devices

The malware disguises itself as fake utility apps, including:

• File Manager
• Software Update Utility
• Phone Manager (휴대폰 관리자)
• Smart Manager (스마트 관리자)
• Kakao Security (카카오 보안)

If users have any of these apps installed, they are advised to delete them immediately

Google’s Response and User Protection Measures

In response to Lookout’s findings, Google stated that the malware was identified and removed before any new user installations. The company also emphasized that Google Play Protect is actively preventing Android users from installing known versions of KoSpy, even if they originate from external sources.

To stay protected, users should:

• Enable Google Play Protect to scan for malicious apps.
• Avoid downloading apps from third-party stores.
• Regularly update their devices to patch security vulnerabilities.

With cyber threats evolving, experts urge Android users to remain vigilant and ensure their devices are safeguarded against spyware attacks.