Google removes KoSpy spyware and 180+ malicious apps from Play Store, as researchers warn of sideloading risks and new Android 15 protections in UK.
Google has removed over 180 malicious apps from its Play Store in March 2024, including the North Korean-linked KoSpy spyware, amid growing concerns about Android’s vulnerability to sophisticated cyberattacks.
The deletions follow warnings from researchers about apps bypassing security checks, while new risks emerge from sideloaded software.
Identified by Lookout Security, the KoSpy spyware—linked to North Korean state-backed groups APT37 (ScarCruft) and APT43 (Kimsuky)—infected devices via fake utility apps like "File Manager" and "Software Update Utility." Capable of harvesting SMS, call logs, location data, screenshots, and keystrokes, KoSpy has operated since early 2022.
Although Google removed all identified apps, Lookout warns that KoSpy variants remain active on third-party platforms.
A new University College London (UCL) study reveals that 85% of sideloaded parental control apps request excessive permissions, including 24/7 location tracking. Seventeen of 20 tested apps instructed users to disable Google Play Protect—a critical security layer—to avoid detection.
Notable unflagged apps included Bark, EvaSpy, and FlexiSpy, raising concerns about domestic abuse and unethical surveillance.
Google confirmed targeted regional attacks using KoSpy and emphasized Play Protect’s role in blocking known malware, even for sideloaded apps.
However, its recent update allowing temporary Play Protect pauses for easier sideloading has drawn criticism. Security experts warn this creates vulnerabilities, comparing it to "removing a seatbelt while driving at speed."
With Samsung accelerating Android 15 adoption for flagship devices by April 2025, new on-device threat detection features aim to combat post-install malware downloads.
Google’s Advanced Protection Program will soon block sideloading entirely for enrolled devices, shifting security focus from server-side scans to real-time local monitoring.
The KoSpy campaign underscores North Korea’s expanding cyberespionage tactics, exploiting trusted app categories. While Google’s swift removals are commendable, the recurring breaches highlight systemic gaps in Play Store vetting. Regulatory pressures to allow third-party app stores may further complicate Android’s security landscape. Users must prioritize Play Protect activation and avoid sideloading unless absolutely necessary.