Cybersecurity firm Lookout has revealed that a hacker group linked to North Korea managed to upload complex spyware targeting Android devices to the Google Play Store and get it downloaded by some individuals. According to technical analyses, the spyware in question is known by the code name “KoSpy.” Security researchers believe this software was developed by a state-sponsored group and aims to collect data from specific target audiences. The fact that the spyware was published in the store environment is considered an indicator of how sophisticated the social engineering and vulnerability exploitation techniques used by cyber attackers are.

KoSpy is said to combine many advanced spyware functions. According to Lookout, the software can access SMS messages, call logs, and contacts, including all personal data on the device, and can track the user’s location information and file system. KoSpy can activate the device’s camera and microphone without the user’s knowledge, record audio and video, and obtain detailed information about the target’s daily life. It is emphasized that the software can run unnoticed for a long time by using system resources sparingly.

According to officials from the security company that discovered the malicious software, the hackers likely targeted individuals living in South Korea who speak English and Korean. It was disclosed that the spyware used domain names and IP addresses previously used by the North Korean hacker groups APT37 and APT43.

Google spokesperson Ed Fernandez, commenting on the matter, stated that Lookout shared its report and that all applications using similar infrastructure were removed from the Play Store. Fernandez mentioned that Google Play automatically protects users from all known versions of this malicious software.

The KoSpy incident provides important clues about the evolution of cyber attacks. The methods used by hackers are becoming more sophisticated each day. Cybersecurity experts warn users against downloading applications from unknown stores and developers. Furthermore, it is emphasized that using the latest versions of operating systems on devices is crucial to protect against cyber threats.