Downloading applications from the official store on our Android device is the safest option. However, that does not mean it is free of risk. Despite Google’s efforts to improve Play Store security, every so often a threat slips through. This time it was a North Korean spyware, which managed to sneak in without raising suspicion.
A spyware disguised as a file manager. Cybercriminals have perfected their tactics for camouflaging malware inside applications that seem completely harmless. Many of them even work normally while executing malicious actions in the background. File Manager, as its name suggests, was presented as an Android file manager, but it actually hid something very different.


According to the cybersecurity firm Lookout, File Manager hid a malware known as KoSpy, which the firm believes with “high confidence” is linked to North Korea. It reached this conclusion, among other things, after finding that the malicious application uses domain names and IP addresses previously identified as part of the command and control infrastructure used by the North Korean groups APT37 and APT43.
What could the malicious app do? Experts warn that this application collected an alarming amount of confidential information, including SMS text messages, call logs, device location, stored files and even the user's keystrokes. In addition, it could access details of the Wi-Fi network, obtain a list of installed applications and perform even more intrusive actions, such as recording audio, taking photos with the camera and capturing screenshots in the background.
A threat that was quickly neutralized. Although the KoSpy spyware managed to infiltrate the Play Store, Google acted quickly. A company spokesman confirmed to TechCrunch that all identified applications were removed. According to a Lookout screenshot, the malicious app had been downloaded a dozen times before being removed from the Android store.
Built-in protection measures. Android devices have several layers of security, including Google Play Protect, which scans applications before download, inspects the device for malicious software and, if it detects a threat, can automatically disable the harmful application. In addition, some manufacturers include their own security solutions, adding an extra layer of protection for users.
Avoiding the hook. The best defense against malicious apps is caution. Before installing any application, check which permissions it requests. If a simple flashlight app requests access to our files, contacts or accessibility settings, something does not add up.
Another effective strategy is to download applications from official sources. Instead of searching for “Microsoft Authenticator” in the Play Store and risking a malicious imitation, it is safer to get the link directly from the official Microsoft website. The same applies to any other service: if we need the BBVA app, it is better to go to its website and find the corresponding link there, thus avoiding falling into traps.
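The permission check described above can be automated for a decoded AndroidManifest.xml. The following is an added example, not code from Lookout or from this article: the per-category baseline and the sample manifest are assumptions constructed for illustration and do not reproduce the real app's manifest.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Data types named in the article, mapped to standard Android permissions.
SENSITIVE = {
    P + "READ_SMS": "SMS text messages",
    P + "READ_CALL_LOG": "call logs",
    P + "ACCESS_FINE_LOCATION": "device location",
    P + "RECORD_AUDIO": "audio recording",
    P + "CAMERA": "photos with the camera",
    P + "READ_CONTACTS": "contacts",
    P + "QUERY_ALL_PACKAGES": "list of installed applications",
    P + "BIND_ACCESSIBILITY_SERVICE": "accessibility service (can observe typed input)",
}
# Assumed baseline of what each app category plausibly needs (illustrative only).
EXPECTED = {"file_manager": {P + "READ_EXTERNAL_STORAGE", P + "WRITE_EXTERNAL_STORAGE"}}

def audit(manifest_xml, category):
    """Return sorted (permission, reason) pairs that are sensitive and not expected."""
    root = ET.fromstring(manifest_xml)
    requested = {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}
    # Accessibility access is declared on a <service>, not as a <uses-permission>.
    requested |= {el.get(ANDROID_NS + "permission") for el in root.iter("service")}
    requested.discard(None)
    unexpected = requested - EXPECTED.get(category, set())
    return sorted((p, SENSITIVE[p]) for p in unexpected if p in SENSITIVE)

# Constructed sample manifest for a hypothetical file manager app.
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <service android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""

if __name__ == "__main__":
    for perm, why in audit(SAMPLE, "file_manager"):
        print(f"unexpected for a file manager: {perm} ({why})")
```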
Images | Xataka with DALL·E 3