Android apps laced with North Korean spyware found in Google Play

Researchers have discovered several Android apps, some of which were available in Google Play after passing the company's security vetting, that secretly uploaded users' sensitive information to spies working for the North Korean government.

Samples of the malware, named COPS by the security firm that discovered it, masquerade as utility apps for managing files, apps or updates, and device security. Behind the interface, the apps can collect a variety of information, including SMS messages, call logs, location, files, nearby audio, and screenshots, and send it to servers controlled by North Korean intelligence personnel. The apps target English and Korean speakers and are available in at least two Android app marketplaces, including Google Play.

Think twice before installing

The surveillanceware masquerades as the following five different apps:

  • 휴대폰 관리자 (Phone Manager)
  • File manager
  • 스마트 관리자 (Smart Manager)
  • 카카오 보안 (Kakao Security) and
  • Software update utility

In addition to Play, the apps are also available in the third-party Apkpure market. The following image shows how one such app appeared in Play.

The image shows that the developer's email address was MlyQWl@gmail[.]com and that the privacy policy page for the app was located at https://goldnsnakeBlog.blogspot[.]com/2023/02/Privacy Policy.html.

The page states, “I value your confidence in providing you with your personal information, thus we are trying to use its safety commercial means.” “But remember that no transmission method on the Internet, or the electronic storage method is 100 safe and reliable, and I cannot guarantee its absolute security.”

The page, which was still available at the time this post went live on Ars, has no reports of malicious activity on VirusTotal. By contrast, the IP addresses hosting the command-and-control servers have previously hosted at least three domains that are known to have hosted infrastructure used in North Korean spy operations.
