Researchers have identified a new wave of spyware-infected Android apps, allegedly developed by a North Korean state-backed hacking group, aimed at spying on Korean and English-speaking users.
Cybersecurity firm Lookout has attributed the malware, named KoSpy, to an advanced persistent threat (APT) group tracked as ScarCruft or APT37. The malware was found on both the Google Play Store and third-party app marketplaces.
KoSpy’s Capabilities and Targets
KoSpy is designed to collect and exfiltrate sensitive user data, including:
- Call logs
- Text messages
- Files and stored data
- Audio recordings
- Screenshots
- User location
According to Lookout’s report, the malware was embedded in fake utility applications under names like File Manager, Software Update Utility, and Kakao Security. While Google has removed all identified malicious apps from its Play Store, the malware remains a threat through unofficial app sources.
A Google spokesperson stated that the latest malware sample was taken down before any user installations occurred on Google Play.
“Google Play Protect automatically protects Android users from known versions of this malware on devices with Google Play Services, even when apps come from sources outside of Play,” the spokesperson said.
Long-Running Espionage Campaign
KoSpy has been in circulation since March 2022, with new samples discovered as recently as last year, Lookout reported. More than half of the infected apps feature Korean-language titles, and the malware interface supports both English and Korean. The language displayed depends on the device’s system settings.
The infrastructure behind KoSpy has similarities to that used by Kimsuky (APT43), another North Korean state-sponsored group known for spearphishing campaigns and malware deployment under the forceCopy operation.
ScarCruft, the group linked to KoSpy, has been active since 2012 and primarily targets South Korea. However, Lookout’s analysis shows that the group has also attacked users in:
- Japan
- Vietnam
- Russia
- Nepal
- China
- India
- Romania
- Kuwait
- Several Middle Eastern nations
In January, ScarCruft was linked to a cyber-espionage campaign targeting media organizations and high-profile academics. In October, another malware operation in Southeast Asia was attributed to the group.
As North Korean cyber operations continue evolving, security experts warn that malware-laden mobile apps remain a significant espionage threat—particularly for individuals in government, academia, and media industries.
Help us bring real change! Corporate lobbying has corrupted our system for too long, and it’s time to take action. Please sign and share this petition—your support is crucial in restoring accountability to our government. Every signature counts! Thank you!
https://www.ipetitions.com/petition/restore-our-republic-end-lobbying
Support truth, health, and preparedness by shopping the Alex Jones Store through our link. Every purchase helps sustain independent voices and earns us a 10% share to fuel our mission. Shop now and make a difference!
https://thealexjonesstore.com?sca_ref=7730615.EU54Mw6oyLATer7a
Sponsored • TRJ Ads
Inquiries: contact@therealistjuggernaut.com
Thanks for this information, John. It’s obvious we have to be careful how we use our phones. What can we do to hackers in North Korea or any other country for that matter? I’m sure we catch them in accessible countries occasionally but the deep dark country of North Korea has got to be a different matter.
You’re absolutely right, Chris. Cybersecurity threats like this make it clear that we have to be vigilant with how we use our devices. When it comes to hackers in North Korea—or any other hostile nation—it’s a complicated issue. Countries with strong cyber laws and international cooperation can go after cybercriminals operating within their borders, but North Korea is a different beast. Their hackers are state-backed, meaning they have government protection and resources, making direct enforcement nearly impossible. The best approach is to harden our own defenses—patch vulnerabilities, improve security policies, and increase cyber intelligence sharing to limit their impact. Every time we make their job harder, we weaken their ability to cause damage.
Thanks for the reply, John. I can see how a country like North Korea would only be repelled by hardened defenses.
I hope you have a great day!
You’re welcome, Chris! I hope you have a great day as well. 😎