Cybersecurity Advisory Warns Against Malicious Apps on Google Play Store
The National Telecommunication and Information Security Board (NTISB), operating under Pakistan’s Cabinet Division, has issued a cybersecurity advisory warning federal ministries, divisions, and the general public about dangerous mobile applications found on the Google Play Store. These malicious apps, although now removed by Google, posed serious risks to user privacy and device security.
According to the advisory, the apps were tied to two major cyber threats—KoSpy spyware and the Anatsa (also known as TeaBot) banking trojan. Disguised as utility tools like Phone Manager, File Manager, Smart Manager, Kakao Security, and Software Update Utility, these apps appeared legitimate but were built to secretly collect sensitive data.
State-Sponsored Spyware and Banking Trojan Threats
KoSpy, a powerful spyware linked to North Korean hacker groups APT-37 (ScarCruft) and APT-43 (Kimsuky), is capable of stealing call logs, SMS messages, audio recordings, screenshots, location data, and stored files from infected devices.
Meanwhile, the Anatsa banking trojan targeted users of financial apps by masquerading as document readers and file managers. Once installed, it aimed to steal banking credentials and personal financial information. Before its removal, Anatsa had been downloaded more than 220,000 times, demonstrating its wide reach and serious threat.
READ MORE:
Russia and China to Build Nuclear Power Station on Moon by 2035
NTISB Recommendations for Users and Organizations
The NTISB has urged users to immediately remove any suspicious or identified harmful apps from their devices. The advisory stresses the importance of downloading apps only from trusted sources, checking app legitimacy before installation, and avoiding apps that ask for excessive permissions.
Additionally, users are encouraged to activate Google Play Protect—a built-in feature that helps identify and block harmful software. All government departments and relevant organizations have been instructed to circulate this advisory widely and ensure robust cybersecurity practices are in place.
