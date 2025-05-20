ISLAMABAD: The National Telecommunication and Information Security Board (NTISB) has issued Cybersecurity Advisory No. 09/2025, warning about recent malicious Android apps that have been discovered and removed from the Google Play Store. This advisory was shared through the Cabinet Division’s U.O No. 1-5/2023/24 (NTISB-II) on May 19, 2025, and it urges strict compliance across all departments.







In March 2025, Google identified and removed several apps associated with KoSpy spyware and the Anatsa (TeaBot) banking trojan. These malicious Android apps were often disguised as file managers or security tools, posing significant threats to user privacy and mobile security.

Technical Details

KoSpy Spyware : Associated with North Korean threat groups APT-37 (ScarCruft) and APT-43 (Kimsuky), KoSpy can access SMS messages, call logs, locations, media files, audio recordings, and screenshots. It was spread through fake utility apps such as Phone Manager, File Manager, Smart Manager, Kakao Security, and Software Update Utility.

: Associated with North Korean threat groups APT-37 (ScarCruft) and APT-43 (Kimsuky), KoSpy can access SMS messages, call logs, locations, media files, audio recordings, and screenshots. It was spread through fake utility apps such as Phone Manager, File Manager, Smart Manager, Kakao Security, and Software Update Utility. Anatsa (TeaBot) Banking Trojan: Masquerading as file managers and document readers, this banking malware targets financial apps to steal login credentials and sensitive data. It has been downloaded more than 220,000 times, indicating widespread exposure.

Recommendations for Users

Immediately uninstall any of the identified malicious Android apps from your device.

Download apps only from trusted developers and official sources.

Avoid installing applications that request unnecessary or excessive permissions.

Enable Google Play Protect to automatically detect and prevent the installation of harmful apps.

This advisory has been issued for prompt distribution within organizations to ensure proactive digital security and user protection.