The National Telecommunication and Information Security Board (NTISB) has issued Cybersecurity Advisory No. 09/2025, alerting users about dangerous Android apps. These apps, recently removed from the Google Play Store, pose severe privacy and security risks. The advisory, shared via Cabinet Division’s U.O No. 1-5/2023/24 (NTISB-II) on May 19, 2025, urges strict compliance across all departments.
Malicious Apps Removed from Google Play Store
In March 2025, Google identified and removed multiple apps linked to KoSpy spyware and the Anatsa (TeaBot) banking trojan. These apps were disguised as legitimate tools, including file managers and security apps. Their removal highlights ongoing threats to mobile security, emphasizing the need for vigilance when downloading applications from app stores.
KoSpy Spyware: A Severe Privacy Threat
KoSpy spyware is linked to North Korean hacking groups APT-37 (ScarCruft) and APT-43 (Kimsuky). It infiltrates devices through fake utility apps like Phone Manager and Software Update Utility. Once installed, KoSpy accesses SMS messages, call logs, locations, media files, and even screenshots, compromising sensitive user data.
Anatsa Banking Trojan: A Financial Hazard
The Anatsa (TeaBot) banking trojan disguises itself as file managers and document readers. It targets financial apps, stealing login credentials and sensitive banking information. With over 220,000 downloads before removal, Anatsa represents a widespread threat to mobile users, particularly those using online banking services.
How to Protect Your Device
Users must immediately uninstall any identified malicious apps. Checking installed applications against the advisory’s list is crucial. Additionally, enabling Google Play Protect can help detect and block harmful apps automatically. Staying informed about cybersecurity threats is key to preventing infections.
Download Apps Only from Trusted Sources
To minimize risks, users should download apps exclusively from official stores like Google Play. Third-party app stores often host malicious software. Verifying developer credibility and reading reviews before installation can further reduce exposure to harmful applications.
Avoid Apps with Excessive Permissions
Apps requesting unnecessary permissions, such as access to SMS or the microphone without justification, should be avoided. Users must scrutinize permission requests during installation. Overly intrusive apps often serve as fronts for spyware or data theft operations.
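One way to audit which installed apps hold the kinds of access described above (SMS, call logs, location, media, microphone), as an added example that is not part of the advisory or this article. The `dumpsys package` excerpt is constructed and simplified, and the package names, category map and threshold of three are assumptions for illustration.

```python
import re

# Permissions covering the data the article says KoSpy collects (SMS, call
# logs, location, media files) plus the microphone. The mapping is an assumption.
SENSITIVE = {
    "android.permission.READ_SMS": "sms",
    "android.permission.RECEIVE_SMS": "sms",
    "android.permission.READ_CALL_LOG": "call_log",
    "android.permission.ACCESS_FINE_LOCATION": "location",
    "android.permission.READ_EXTERNAL_STORAGE": "media",
    "android.permission.RECORD_AUDIO": "microphone",
}

# Constructed sample, simplified from the layout of `adb shell dumpsys package`.
SAMPLE = """\
Package [com.example.filemanager] (1a2b3c):
  runtime permissions:
    android.permission.READ_SMS: granted=true
    android.permission.READ_CALL_LOG: granted=true
    android.permission.ACCESS_FINE_LOCATION: granted=true
    android.permission.READ_EXTERNAL_STORAGE: granted=true
Package [com.example.notes] (4d5e6f):
  runtime permissions:
    android.permission.READ_EXTERNAL_STORAGE: granted=true
    android.permission.RECORD_AUDIO: granted=false
"""

PKG_RE = re.compile(r"^\s*Package \[([^\]]+)\]")
PERM_RE = re.compile(r"^\s*([\w.]+): granted=(true|false)")

def granted_categories(dump):
    """Map package name -> set of sensitive data categories actually granted."""
    result, current = {}, None
    for line in dump.splitlines():
        m = PKG_RE.match(line)
        if m:
            current = m.group(1)
            result[current] = set()
            continue
        m = PERM_RE.match(line)
        if m and current and m.group(2) == "true" and m.group(1) in SENSITIVE:
            result[current].add(SENSITIVE[m.group(1)])
    return result

def flag_for_review(dump, threshold=3):
    """Packages holding at least `threshold` distinct sensitive categories."""
    cats = granted_categories(dump)
    return {pkg: sorted(c) for pkg, c in cats.items() if len(c) >= threshold}
```

A flagged package is a prompt to ask whether its stated purpose justifies that access; a file manager holding SMS and call-log access is the mismatch to look for.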
Enable Google Play Protect for Added Security
Google Play Protect scans apps for malware before and after installation. Enabling this feature provides an additional layer of security. Regular updates to the operating system and installed apps also help patch vulnerabilities exploited by cybercriminals.
Organizations Must Disseminate the Advisory
The NTISB advisory emphasizes prompt distribution within organizations. Ensuring employees and stakeholders are aware of these threats can prevent security breaches. Proactive measures, including cybersecurity training, can enhance overall digital safety.
Stay Vigilant Against Evolving Threats
Cyber threats continue to evolve, requiring constant vigilance. Users and organizations must adopt best practices, such as regular security audits and threat awareness programs. Following official advisories helps mitigate risks associated with malicious software.
Conclusion: Prioritize Mobile Security
The NTISB’s warning highlights the growing sophistication of mobile threats. By uninstalling suspicious apps, avoiding untrusted sources, and enabling security features, users can safeguard their data. Cybersecurity is a shared responsibility, and staying informed is the first step toward protection.
