Security researchers at Lookout discovered five apps on Google Play infected with the North Korean KoSpy spyware. These apps, disguised as file managers, security tools, and software updaters, primarily target Korean and English speakers.
The apps can exfiltrate sensitive user data to the North Korean APT 37 hacking group (Scarcruft).
KoSpy can access user information through various means.
Google has removed the infected apps from Google Play.
Users are advised to scan their devices for these apps and consider using a VPN.