The games were offered through South Korean sites between May 19 and September 16 this year, the National Intelligence Service said in a report to parliament.
The apps have since been removed and the actual number of phones infected is unclear.
While phones were infected, the software doesn’t appear to have caused any damage but has left the phones vulnerable to eavesdropping and remote video taping, the reports said.
North Korea has often been blamed for cyber attacks on South Korean companies and institutions, although typically attacks attributed to the country have been launched from personal computers infected with malicious software.
The use of smartphones appears to be a new tactic, but is not surprising. Phones are often connected to the Internet continuously, unlike PCs, and hold a vast amount of personal information about the user.
They have become popular targets for criminals the world over, often with an aim of stealing banking credentials or email passwords.