Cybersecurity company Lookout has revealed that a hacker group linked with North Korea managed to upload and download a sophisticated spyware targeting Android devices on the Google Play Store. According to technical analysis, the spyware in question goes by the code name “KoSpy.” Cybersecurity researchers believe that this software was developed by a state-sponsored group and is intended for data collection against specific target audiences. The release of the malware in the app store is considered a sign of how advanced the sophisticated social engineering and vulnerability exploitation techniques used by cyber attackers are.KoSpy is said to combine many advanced spyware functions. According to Lookout, the software has the capability to access SMS messages, call logs, contacts, location information, and file system of the device it infects. KoSpy can also activate the device’s camera and microphone without the user’s knowledge to record audio and video, obtaining detailed information about the target individual’s daily life. It is highlighted that the software can run undetected for long periods by utilizing minimal system resources.Security company officials who detected the malicious software stated that the likely targets of the cybercriminals are people residing in South Korea who speak English and Korean. It was revealed that the spyware utilized domain names and IP addresses previously used by North Korean hacker groups APT37 and APT43.Google Spokesperson Ed Fernandez, speaking on the matter, stated that Lookout shared their report and all applications utilizing similar infrastructures were removed from the Play Store. Fernandez reassured users that Google Play automatically protects users from all known versions of this malicious software to defend against cyber threats.The KoSpy incident provides significant insights into the evolution of cyberattacks. Methods used by hackers are becoming increasingly sophisticated. Cybersecurity experts advise users against downloading applications from unknown stores and developers. Additionally, emphasizing the importance of using the most up-to-date operating system versions on devices to protect against cyber threats.