In a critical move to safeguard digital users in Pakistan, the National Telecommunication and Information Security Board (NTISB) under the Cabinet Division has issued a nationwide cybersecurity advisory warning against malicious mobile apps available on the Google Play Store.
๐
Issued By: NTISB โ Cabinet Division
๐ Recipients: Federal ministries, divisions, and the general public
๐ฒ Focus: Spyware and banking trojans disguised as legitimate utility apps
๐ต๏ธโโ๏ธ Malicious Apps Disguised as Utility Tools
The advisory revealed that several harmful appsโalthough now removed by Googleโwere previously available for download and posed serious privacy and financial security risks.
These apps impersonated useful tools such as:
- Phone Manager
- File Manager
- Smart Manager
- Kakao Security
- Software Update Utility
โ While they appeared safe, these apps secretly harvested sensitive user data and facilitated cyber surveillance.
๐ Notorious Malware Involved: KoSpy & Anatsa (TeaBot)
๐ก KoSpy Spyware
- Linked to North Korean APT groups APT-37 (ScarCruft) and APT-43 (Kimsuky)
- Capable of extracting:
- SMS and call logs
- Audio recordings and screenshots
- Location data and local files
- Used for covert surveillance and data theft
๐ฆ Anatsa (TeaBot) Banking Trojan
- Spread through apps disguised as file managers and document viewers
- Targeted banking app users
- Attempted to steal login credentials and financial info
- ๐ฅ Over 220,000 downloads before takedownโhighlighting its alarming reach
๐ก๏ธ Advisory: How to Stay Safe
The NTISB has urged both public and private users to take the following precautions:
โ
Delete any apps mentioned in the advisory
โ
Download only from trusted developers
โ
Verify app legitimacy before installation
โ
Avoid apps requesting suspicious or excessive permissions
โ
Enable Google Play Protect for real-time threat detection
๐ข โAll departments, organizations, and users must share this advisory widely and adopt the necessary cybersecurity hygiene practices,โ the NTISB stated.
