
North Korean government hackers put spyware on the Android app store


A group of hackers with links to North Korea uploaded Android spyware to the Google Play app store and was able to trick some people into downloading it, according to cybersecurity firm Lookout.

In a report published on Wednesday and shared with TechCrunch, Lookout details a spying campaign involving a few different samples of an Android spyware that the company calls KoSpy, which it attributes with “high confidence” to the North Korean government.

At least one of the spyware applications was at some point on Google Play, the official Android app store, and was downloaded more than 10 times, according to the application's page. Lookout's report includes a screenshot of the page.

In the last few years, North Korean hackers have made headlines for their daring crypto heists, such as the recent theft of about $1.4 billion from crypto exchange Bybit, carried out to further the country’s prohibited nuclear weapons program. In the case of this new spyware campaign, however, all signs point to a surveillance operation, based on the functionality of the spyware applications identified by Lookout.

A screenshot of an archived version of the Google Play page of an app that claimed to be a file manager but, according to Lookout, was really North Korean spyware. (Photo: Lookout)

The goals of the North Korean spyware campaign are not known, but Christoph Hebeisen, Lookout's security intelligence research manager, told TechCrunch that with only a few downloads, the spyware app was aimed at specific, targeted people.

According to Lookout, KoSpy collects “extensive sensitive data”: SMS text messages, call logs, device location information, files and folders, keystrokes, Wi-Fi network details and a list of installed applications.

KoSpy can also record audio, take pictures with the phone's cameras and capture screenshots of the screen in use.

Lookout also found that KoSpy relied on Firestore, a cloud database built on Google Cloud infrastructure, to retrieve its “initial configuration”.

Google spokesperson Ed Fernandez told TechCrunch that Lookout shared its report with the company and that “all identified applications” were removed from Google Play, including the KoSpy sample, as were the Firebase projects.

“Google Play protects users from the known versions of this harmful program on Android devices with Google Play services,” Fernandez said.

Google did not answer other specific questions about the report, including questions about the North Korean regime and other details.

Contact us

Do you have more information about KoSpy or other spyware? From a non-work device and network, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or by email. You can also contact TechCrunch via SecureDrop.

The report also said that Lookout found a number of the spyware applications on the third-party app store APKPure. An APKPure spokesperson said the company did not receive “any email”.

The person or people in control of the developer email address listed on the Google Play page hosting the spyware app did not respond to TechCrunch’s request for comment.

Lookout’s Hebeisen, along with senior staff security researcher Alemdar Islamoglu, told TechCrunch that, as far as who was targeted, the campaign went after people who speak English or Korean.

Lookout’s assessment is based on the names of the applications, some of which are in Korean, and on some applications having Korean-language names and a user interface that supports the Korean language.

Lookout also found that the spyware applications use domain names and IP addresses that were previously identified as part of malware and command-and-control infrastructure used by the North Korean government hacking groups APT37 and APT43.

“What is interesting about the North Korean threat actors is that they are, it seems, successful in getting applications into official app stores,” Hebeisen said.


