In a critical move to safeguard digital users in Pakistan, the National Telecommunication and Information Security Board (NTISB) under the Cabinet Division has issued a nationwide cybersecurity advisory warning against malicious mobile apps available on the Google Play Store.

Issued By: NTISB – Cabinet Division
Recipients: Federal ministries, divisions, and the general public
Focus: Spyware and banking trojans disguised as legitimate utility apps


Malicious Apps Disguised as Utility Tools

The advisory revealed that several harmful apps—although now removed by Google—were previously available for download and posed serious privacy and financial security risks.

These apps impersonated useful tools such as:

  • Phone Manager
  • File Manager
  • Smart Manager
  • Kakao Security
  • Software Update Utility

While they appeared safe, these apps secretly harvested sensitive user data and facilitated cyber surveillance.


Notorious Malware Involved: KoSpy & Anatsa (TeaBot)

KoSpy Spyware

  • Linked to North Korean APT groups APT-37 (ScarCruft) and APT-43 (Kimsuky)
  • Capable of extracting:
    • SMS and call logs
    • Audio recordings and screenshots
    • Location data and local files
  • Used for covert surveillance and data theft

Anatsa (TeaBot) Banking Trojan

  • Spread through apps disguised as file managers and document viewers
  • Targeted banking app users
  • Attempted to steal login credentials and financial info
  • Over 220,000 downloads before takedown—highlighting its alarming reach

Advisory: How to Stay Safe

The NTISB has urged both public and private users to take the following precautions:

Delete any apps mentioned in the advisory
Download only from trusted developers
Verify app legitimacy before installation
Avoid apps requesting suspicious or excessive permissions
Enable Google Play Protect for real-time threat detection

“All departments, organizations, and users must share this advisory widely and adopt the necessary cybersecurity hygiene practices,” the NTISB stated.