The National Telecommunication and Information Security Board (NTISB), operating under the Cabinet Division, has issued a critical cybersecurity advisory alerting all federal ministries, divisions, and the general public to the discovery of malicious mobile applications on the Google Play Store. This advisory is part of a broader national initiative to mitigate cyber threats that increasingly target both individuals and institutions through seemingly legitimate digital tools.
According to the NTISB, the affected applications—now removed by Google—posed significant risks to user privacy and device security. These apps were not just ordinary software; they were sophisticated tools engineered to act as spyware and banking trojans, operating covertly to collect sensitive personal and financial information from unsuspecting users.
The advisory highlighted two major threats: KoSpy spyware and the Anatsa banking trojan, also known as TeaBot. These malicious applications were disguised as everyday utility tools, bearing names such as Phone Manager, File Manager, Smart Manager, Kakao Security, and Software Update Utility. While appearing useful on the surface, these apps were specifically designed to infiltrate user devices and extract confidential data.
KoSpy, the advisory notes, is a particularly dangerous form of spyware allegedly developed and deployed by North Korean advanced persistent threat (APT) groups APT-37 (ScarCruft) and APT-43 (Kimsuky). Once installed on a device, KoSpy has the capability to harvest a wide range of sensitive information, including SMS messages, call logs, audio recordings, screenshots, device location, and stored files. The data collected through KoSpy could be used for surveillance, identity theft, or even cyber espionage.
Similarly, the Anatsa trojan (TeaBot) was found to be embedded within apps posing as file managers and document readers. Its primary objective was to target users of banking applications by capturing login credentials and stealing financial information. The NTISB advisory underlined the scale of the threat posed by Anatsa, revealing that these trojan-infected apps had amassed over 220,000 downloads before they were eventually removed from the Play Store. This widespread distribution underscores the severe security implications for Android users, especially those who engage in mobile banking.
In response to the threat, the NTISB strongly advises all users to take immediate action by deleting any known malicious apps from their devices. Additionally, users are urged to be cautious when installing apps, ensuring that they only download from verified and trusted sources. The advisory also emphasizes the importance of checking app permissions and avoiding any application that requests access to data beyond its stated purpose.
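One way to carry out the permission check recommended above, as an added example that is not part of the NTISB advisory or this article: it parses text in the shape of `adb shell dumpsys package` output and flags apps that have been granted several of the data categories KoSpy is reported to harvest. The permission mapping, the threshold of three and the `com.example.*` package names are assumptions of this example.

```python
import re
# Permission-to-data mapping is this example's assumption, chosen to match the
# data categories the advisory lists for KoSpy; it is not from the NTISB text.
SENSITIVE = {
    "android.permission.READ_SMS": "SMS messages",
    "android.permission.READ_CALL_LOG": "call logs",
    "android.permission.RECORD_AUDIO": "audio recording",
    "android.permission.ACCESS_FINE_LOCATION": "device location",
    "android.permission.READ_EXTERNAL_STORAGE": "stored files",
}
PKG_RE = re.compile(r"^\s*Package \[([^\]]+)\]")
GRANT_RE = re.compile(r"^\s*(android\.permission\.[A-Z0-9_]+): granted=(true|false)")

# Constructed excerpt; package names are hypothetical placeholders.
SAMPLE = """\
  Package [com.example.filemanager] (1a2b3c):
    install permissions:
      android.permission.INTERNET: granted=true
    User 0: installed=true
      runtime permissions:
        android.permission.READ_SMS: granted=true, flags=[ USER_SET ]
        android.permission.READ_CALL_LOG: granted=true, flags=[ USER_SET ]
        android.permission.RECORD_AUDIO: granted=true, flags=[ USER_SET ]
        android.permission.ACCESS_FINE_LOCATION: granted=false, flags=[ USER_SET ]
  Package [com.example.notes] (4d5e6f):
    User 0: installed=true
      runtime permissions:
        android.permission.READ_EXTERNAL_STORAGE: granted=true, flags=[ USER_SET ]
"""

def granted_sensitive(dumpsys_text):
    """Map each package to the sensitive data categories it has been granted."""
    found, current = {}, None
    for line in dumpsys_text.splitlines():
        pkg = PKG_RE.match(line)
        if pkg:
            current = pkg.group(1)  # grants that follow belong to this package
            continue
        grant = GRANT_RE.match(line)
        if grant and current and grant.group(2) == "true" and grant.group(1) in SENSITIVE:
            found.setdefault(current, set()).add(SENSITIVE[grant.group(1)])
    return {pkg: sorted(cats) for pkg, cats in found.items()}

def flag_overreach(dumpsys_text, threshold=3):
    """Return packages granted at least `threshold` distinct sensitive categories."""
    return {p: c for p, c in granted_sensitive(dumpsys_text).items() if len(c) >= threshold}

if __name__ == "__main__":
    print(flag_overreach(SAMPLE))
```

A flagged package is a prompt for manual review against the app's stated purpose, not a verdict that it is malicious.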
For enhanced protection, the NTISB recommends enabling Google Play Protect, a built-in security feature that scans and blocks harmful apps automatically. This added layer of defense can be crucial in detecting threats before they compromise a device.
The NTISB has instructed all concerned departments, organizations, and users to disseminate the advisory widely and implement the recommended cybersecurity measures without delay. By doing so, the advisory aims to safeguard Pakistan’s digital infrastructure and protect citizens from escalating cyber threats linked to malicious mobile applications.
As cybercrime continues to evolve, such proactive advisories play a vital role in maintaining digital hygiene and national cybersecurity.