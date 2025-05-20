ISLAMABAD – Millions of Android users are exposed to Banking Trojan on Google Play as a new alert has been issued amid surge in spying and hacking attempts.

National Telecommunication and Information Security Board shared stern warning about recent malicious Android apps that have been discovered and removed from the Google Play Store. This advisory urges strict compliance across all departments.

Several apps were earlier removed due to link with KoSpy spyware and the Anatsa (TeaBot) banking trojan. These malicious Android apps were often disguised as file managers or security tools, posing significant threats to user privacy and mobile security.

KoSpy Spyware

KoSpy Spyware was linked with North Korean threat groups APT-37 (ScarCruft) and APT-43 (Kimsuky), The app can access messages, call logs, locations, media files, audio recordings, and screenshots. It was spread through fake utility apps such as Phone Manager, File Manager, Smart Manager, Kakao Security, and Software Update Utility.

Anatsa (TeaBot) Banking Trojan

Masquerading as file managers and document readers, this banking malware targets financial apps to steal login credentials and sensitive data. It has been downloaded more than 220,000 times, indicating widespread exposure.