A cybersecurity advisory issued by the Cabinet Division’s National Telecommunication and Information Security Board (NTISB) warned all federal ministries, divisions, and the public about dangerous mobile apps on the Google Play Store. According to the advisory, a number of apps were discovered that posed serious risks to user privacy and device security. Google not only discovered these apps but also removed them.
The advisory stated that the dangerous programs included those associated with the Anatsa (TeaBot) banking malware and KoSpy spyware. These applications pretended to be useful tools like Phone Manager, File Manager, Smart Manager, Kakao Security, and Software Update Utility, but their true purpose was to gather private user information.
Two North Korean threat groups, APT-37 (ScarCruft) and APT-43 (Kimsuky), are said to be responsible for the KoSpy spyware. KoSpy spyware can harvest files, location data, audio recordings, SMS messages, phone records, and screenshots.
According to the advisory, “TeaBot,” which is also known as “Anatsa,” was distributed through apps that looked like document readers and file managers.
The main targets of “Anatsa” were banking app customers, from whom it sought to obtain financial data and login passwords. The warning highlights the banking trojan’s widespread distribution and dangers: it was downloaded over 220,000 times before Google removed it.
The advisory recommends that users download apps only from reliable sources and remove any dangerous apps from their devices right away. It also suggests avoiding apps that ask for excessive or questionable permissions and checking the validity of apps before installing them. Activating Google Play Protect is advised as an additional security measure, since it can identify and remove dangerous Play Store apps automatically.
NTISB has instructed all appropriate departments, organizations, and users to circulate the warning widely and to make certain that the required cybersecurity safeguards are implemented.