The National Telecommunication and Information Security Board (NTISB), under the Cabinet Division, has issued a cybersecurity alert to federal ministries, departments, and the public, warning about malicious apps found on the Google Play Store. These apps, flagged and removed by Google, posed serious threats to user privacy and device security.
The advisory revealed that the apps included variants of KoSpy spyware and the Anatsa (TeaBot) banking trojan. Disguised as legitimate tools—such as Phone Manager, File Manager, and Smart Manager—these apps secretly harvested sensitive user data.
KoSpy, linked to North Korean hacking groups APT-37 (ScarCruft) and APT-43 (Kimsuky), was capable of collecting SMS messages, call logs, audio recordings, screenshots, location data, and files.
Similarly, the Anatsa trojan, spread via apps disguised as file managers or document readers, targeted banking app users to steal login credentials and financial data. Before being removed, these apps were downloaded over 220,000 times.
The NTISB urges users to immediately uninstall any identified malicious apps and to only download from trusted sources. Users are also advised to verify app legitimacy, avoid apps requesting excessive permissions, and activate Google Play Protect to help block harmful software.