In a critical move to safeguard digital users in Pakistan, the National Telecommunication and Information Security Board (NTISB) under the Cabinet Division has issued a nationwide cybersecurity advisory warning against malicious mobile apps available on the Google Play Store.
📅 Issued By: NTISB – Cabinet Division
📍 Recipients: Federal ministries, divisions, and the general public
📲 Focus: Spyware and banking trojans disguised as legitimate utility apps
🕵️♂️ Malicious Apps Disguised as Utility Tools
The advisory revealed that several harmful apps—although now removed by Google—were previously available for download and posed serious privacy and financial security risks.
These apps impersonated useful tools such as:
- Phone Manager
- File Manager
- Smart Manager
- Kakao Security
- Software Update Utility
❗ While they appeared safe, these apps secretly harvested sensitive user data and facilitated cyber surveillance.
🐞 Notorious Malware Involved: KoSpy & Anatsa (TeaBot)
📡 KoSpy Spyware
- Linked to North Korean APT groups APT-37 (ScarCruft) and APT-43 (Kimsuky)
- Capable of extracting:
- SMS and call logs
- Audio recordings and screenshots
- Location data and local files
- Used for covert surveillance and data theft
🏦 Anatsa (TeaBot) Banking Trojan
- Spread through apps disguised as file managers and document viewers
- Targeted banking app users
- Attempted to steal login credentials and financial info
- 📥 Over 220,000 downloads before takedown—highlighting its alarming reach
🛡️ Advisory: How to Stay Safe
The NTISB has urged both public and private users to take the following precautions:
✅ Delete any apps mentioned in the advisory
✅ Download only from trusted developers
✅ Verify app legitimacy before installation
✅ Avoid apps requesting suspicious or excessive permissions
✅ Enable Google Play Protect for real-time threat detection
📢 “All departments, organizations, and users must share this advisory widely and adopt the necessary cybersecurity hygiene practices,” the NTISB stated.
