Skip to main content

Watch out for North Korean spyware apps on the Google Play store

Google Chat app on the Play Store.
Joe Maring / Digital Trends

Android users should be careful what they download from the Google Play store, as security researchers recently found a selection of apps which contained North Korean spyware hosted there. The five affected apps appeared to be benign system utilities like file managers, but once installed could collect personal information like SMS messages, call logs, and device location.

The spyware apps were identified by Lookout Threat Lab, which highlighted the following apps in both English and Korean: 휴대폰 관리자 (Phone Manager), File Manager, 스마트 관리자 (Smart Manager), 카카오 보안 (Kakao Security), and Software Update Utility. These apps have since been removed from the Play Store by Google.

Recommended Videos

The apps used a new surveillance tool called KoSpy, thought to originate from a North Korean state-sponsored hacking group called ScarCruft or APT37.

Please enable Javascript to view this content

“KoSpy is a new Android spyware attributed to the North Korean group APT37. It masquerades as utility apps and targets Korean and English speaking users,” the security researchers Lookout Threat Lab warned. “KoSpy can collect extensive data, such as SMS messages, call logs, location, files, audio, and screenshots via dynamically loaded plugins.”

The apps that were affected didn’t really work as they said they did: some of them did perform some functions with basic interfaces that opened up Android settings view, while others did not function at all and showed only a fake system window. But once installed, the apps could download plugins and collect surveillance information. Some of the information the apps could surveil included data on SMS messages, call logs, device location, local files and folders, recording screenshots and key strokes, and even recording audio or taking photos with the phone’s cameras.

Now that the apps have been removed from the Play Store it’s not clear how many people may have downloaded them and been affected, but it’s a good reminder to check the sources and reputation of apps before you download them and give them access to your device.

Georgina Torbet
Georgina has been the space writer at Digital Trends space writer for six years, covering human space exploration, planetary…
Google makes it harder to accidentally call 911 with your Pixel Watch
Weather on Pixel Watch 3.

The Pixel's Emergency SOS feature is undoubtedly helpful for keeping you safe, but it can lead to unwanted situations if accidentally triggered — like sending all twelve emergency contacts a rather risque video of yourself. An update to the Emergency SOS on Pixel Watches will help minimize any unfortunate incidents like that, at least in theory.

Google first announced the update at the end of January, but it's rolling out to users now. If you press down on the watch crown five times, instead of initiating a call to 911, it will prompt you to hold your screen for three seconds before making the call.

Read more
Google Messages can now be your notes app. Please don’t do that
The Google Messages app on the Galaxy S25 Ultra.

Google Messages recently got an update that allows Android users to use it as a notes app as well as a regular messaging app. This update flew under the radar until Android Authority reported on it last Friday, saying that people can now send long messages, high-quality media, and other content to themselves via RCS messaging, freeing them of the restrictions imposed by its predecessor, SMS messaging. While that is a useful upgrade on paper, it's not a good idea in practice.

A lot of people use messaging apps as a substitute for the original notes app pre-installed in their phones. The problem is text messages sent through RCS are not encrypted, let alone messages sent to yourself, posing a host of security issues. Not long after Apple adopted cross-platform RCS messaging with Android late last year, a group of Chinese hackers called Salt Typhoon launched a cyberattack on U.S. communications networks, leading the FBI and CISA warning Americans to use encrypted messaging platforms, especially if messages are being sent from Apple to Android and vice versa.

Read more
TikTok returns to Apple, Google app stores in U.S.
TikTok logo on an iPhone.

The TikTok saga continues. Apple reinstated the popular app to the App Store on Thursday evening, and a short while later Google followed suit and put it back on the Play Store. The move came after Attorney General Pam Bondi reportedly sent a letter to the tech giants assuring them that they will not face any penalties in relation to a law that banned the app in the U.S. last month.

Both Apple and Google removed TikTok from their respective U.S. app stores on January 18, the day before the law banning the app went into effect. Then, on January 20, newly elected President Trump signed an executive order granting TikTok a 75-day reprieve from the ban to give his administration “an opportunity to determine the appropriate course forward.”

Read more