Bypassing security measures, North Korea is able to publish spy apps on the Google Play Store.
According to a post by security company Lookout, KoSpy is an Android spyware program that can be found embedded in a number of apps that appear to be safe but are actually capable of tracking a user's every move and even recording their voice without consent.
The good news is that Google has already removed all of the malicious apps that were found, having been notified by the researchers before this report was published. Google also revealed that Google Play Services, which is pre-installed on mobile devices, has enabled the Google Play Store to shield users from known versions of this malware. Nevertheless, it has also been verified that these applications had already made their way onto prospective victims' phones.
KoSpy is integrated into five distinct apps for essential tasks, including file managers, phone apps, and security apps. The majority of these apps are extremely basic and do not have any built-in features. Rather, they rely on what is already installed on the system. The "Software Updater" app, for instance, merely launches the Android system update screen.
Once one of these applications is installed and launched on an Android phone, KoSpy operates in the background and connects to an external server under the hackers' control.
Over this connection, KoSpy can download executable code that carries out additional tasks, as well as the precise spying procedure to follow, depending on the objectives of the attackers and the procedures needed to gather information. KoSpy can gather a lot of information from the mobile device and, by listening through the victim's microphone, from the surroundings of the person being spied on.
It is interesting to note that even though this spyware was distributed through the Google Play Store, the malicious apps' reach was fairly small. The most popular app, "File Manager - Android," which resembles a file manager, was downloaded just ten times from the Google Play Store. According to researchers, this was because the attackers' objective was to take over specific people's phones rather than infect a lot of devices.