North Korea-linked APT group ScarCruft has been using a new Android spyware called KoSpy to target Korean- and English-speaking users.
KoSpy has been observed masquerading as utility apps like Phone Manager and File Manager, and has been distributed through the Google Play Store and Firebase Firestore.
The spyware collects SMS, calls, location, files, audio, and screenshots through plugins, and communicates with its C2 servers for further exploitation.
Researchers have found connections between KoSpy, APT37, and APT43, suggesting broader cyber-espionage operations targeting Korean users.