North Korean Spyware KoSpy Targets Android Users Via Fake Apps

  • Written by Kiara Fabbri Former Tech News Writer
  • Fact-Checked by Sarah Frazier Former Content Manager

Researchers from cybersecurity firm Lookout have uncovered a new Android spyware, KoSpy, attributed to the North Korean hacking group APT37, also known as ScarCruft.

In a Rush? Here are the Quick Facts!

  • The malware steals SMS, call logs, location, audio, files, and screenshots.
  • KoSpy apps were on Google Play but have been removed by Google.
  • The spyware communicates via Firebase and a two-stage Command and Control system.

The malware, first spotted in March 2022, remains active and has been embedded in fake utility apps like “File Manager,” “Software Update Utility,” and “Kakao Security.” These apps, previously available on Google Play and third-party stores such as APKPure, were designed to target Korean and English-speaking users.

KoSpy collects a wide range of sensitive information, including text messages, call logs, location data, files, audio recordings, and screenshots.

The spyware operates using a two-stage command-and-control (C2) system, first retrieving configurations from a Firebase cloud database before establishing communication with remote servers. This setup allows the attackers to change servers or disable the malware as needed.

Google has removed all known malicious apps from its Play Store. A spokesperson stated, “Google Play Protect automatically protects Android users from known versions of this malware on devices with Google Play Services, even when apps come from sources outside of Play,” as reported by The Record.

KoSpy also shares infrastructure with another North Korean state-backed hacking group, APT43, known for spearphishing campaigns that deploy malware to steal sensitive data. This overlap in infrastructure makes precise attribution difficult, but Lookout researchers link KoSpy to APT37 with medium confidence.

ScarCruft has been conducting cyber-espionage operations since 2012, primarily targeting South Korea but also extending its reach to Japan, Vietnam, Russia, Nepal, China, India, Romania, Kuwait, and the Middle East. The group has been linked to attacks on media organizations and high-profile academics, as well as a malware operation in Southeast Asia.

Although KoSpy is no longer available on the Google Play Store, researchers warn that users should remain cautious of suspicious apps, especially those requesting excessive permissions. Keeping devices updated and relying on official app stores with security protections like Google Play Protect can help mitigate risks.
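The advice about excessive permissions can be turned into a check. The following is an added example, not code from Lookout or from this article: it reads a decoded `AndroidManifest.xml` (text XML, as produced by a tool such as apktool) and reports sensitive permissions that the app's stated purpose does not explain. The permission-to-category mapping, the function name `audit_manifest` and the sample manifest are assumptions built from the data types listed above, not KoSpy's actual permission set.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumption: permissions that gate the data categories the article lists.
# This is not KoSpy's actual permission set, which the article does not give.
SENSITIVE = {
    "android.permission.READ_SMS": "SMS",
    "android.permission.RECEIVE_SMS": "SMS",
    "android.permission.READ_CALL_LOG": "call logs",
    "android.permission.ACCESS_FINE_LOCATION": "location",
    "android.permission.ACCESS_COARSE_LOCATION": "location",
    "android.permission.RECORD_AUDIO": "audio",
    "android.permission.READ_EXTERNAL_STORAGE": "files",
    "android.permission.MANAGE_EXTERNAL_STORAGE": "files",
}

def audit_manifest(manifest_xml, expected=frozenset()):
    """Return {category: [permissions]} for sensitive permissions that the
    app's stated purpose does not explain; `expected` lists justified ones."""
    root = ET.fromstring(manifest_xml)
    findings = {}
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for el in root.iter(tag):
            name = el.get(ANDROID_NS + "name", "")
            category = SENSITIVE.get(name)
            if category and category not in expected:
                findings.setdefault(category, []).append(name)
    return findings

# Constructed sample: decoded manifest of a hypothetical "file manager" app.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.filemanager">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <application android:label="File Manager"/>
</manifest>"""

if __name__ == "__main__":
    # A file manager plausibly needs file access, so only that is expected.
    for category, perms in audit_manifest(SAMPLE_MANIFEST, {"files"}).items():
        print(f"unexpected access to {category}: {', '.join(perms)}")
```

A flagged permission is a prompt for review, not proof of malice; legitimate apps can have reasons for access that their store listing does not make obvious.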

Meta Obtains Legal Order to Halt Promotion of Ex-Employee’s Memoir

  • Written by Andrea Miliani Former Tech News Expert
  • Fact-Checked by Sarah Frazier Former Content Manager

Meta obtained a legal order to halt the promotion and distribution of a former director’s memoir during an emergency hearing this Wednesday. The arbitrator ruled in favor of Meta’s allegations that the author may have violated a non-disparagement severance agreement.

In a Rush? Here are the Quick Facts!

  • Meta secured a legal order to halt the promotion of former employee Sarah Wynn-Williams’s memoir, Careless People, alleging violations of a non-disparagement agreement.
  • The memoir contains allegations of misconduct and sexual harassment, including claims against top executives.
  • Meta disputes these claims, stating that Wynn-Williams was terminated for poor performance and that her allegations are false and outdated.

According to the official ruling, the tech giant won a temporary legal victory that stops Sarah Wynn-Williams’s book, Careless People: A Cautionary Tale of Power, Greed, and Lost Idealism, from reaching a wider audience, in an emergency proceeding she didn’t attend. The decision took into account a contract signed in 2017, which prohibited Wynn-Williams from making negative statements.

Wynn-Williams worked at Facebook (now Meta) from 2011 to 2017, where she served as Director of Public Policy. Her profile at the World Economic Forum states she is an international lawyer and policy expert with vast experience as a diplomat. Until last week, her tell-all memoir of her seven years at Facebook was kept a secret.

“Careless People is darkly funny and genuinely shocking: an ugly, detailed portrait of one of the most powerful companies in the world,” wrote journalist and literary critic Jennifer Szalai in a review of the book at The New York Times published this week. “What Wynn-Williams reveals will undoubtedly trigger her former bosses’ ire.”

After learning about the book’s publication, Meta immediately denied Wynn-Williams’s allegations and took action.

“This is a mix of out-of-date and previously reported claims about the company and false accusations about our executives,” said a Meta spokesperson about the book in an interview with the New York Post published on Monday. “Eight years ago, Sarah Wynn-Williams was fired for poor performance and toxic behavior, and an investigation at the time determined she made misleading and unfounded allegations of harassment.”

Andy Stone, Communications Director at Meta, shared a post on Threads that included the filing issued by emergency arbitrator Nicholas A Gowen, who considered that Meta had provided enough information to indicate that Wynn-Williams could have violated her contract by publishing her memoir.

“This ruling affirms that Sarah Wynn Williams’ false and defamatory book should never have been published,” wrote Stone in the post. “This urgent legal action was made necessary by Williams, who more than eight years after being terminated by the company, deliberately concealed the existence of her book project and avoided the industry’s standard fact-checking process in order to rush it to shelves after waiting for eight years.”

Many users replied to Stone’s post saying that Meta’s censorship moves had only increased their interest in reading Wynn-Williams’s book and criticized the tech giant’s arguments. “I’m terribly confused. I thought Facebook was returning to its roots and embracing free speech. Can’t ‘community notes’ address false statements?” wrote one user referring to Meta’s recent decision to end its fact-checking program.