New Windows malware scans victims’ mobile phones for data to steal
2022-11-30 20:51

Security researchers found a previously unknown backdoor they call Dolphin that's been used by North Korean hackers in highly targeted operations for more than a year to steal files and send them to Google Drive storage.

According to research from cybersecurity company ESET, the APT 37 threat group used the newly discovered malware against very specific entities.

The malware has an extended set of capabilities that includes scanning local and removable drives for various types of data, which are then archived and delivered to Google Drive.

Its search capabilities extend to any phone connected to the compromised host by using the Windows Portable Device API. ESET notes that this functionality appeared to be under development in the first version of the malware they found.

ESET researchers caught four distinct versions of the Dolphin backdoor, the latest being 3.0 from January 2022.

According to the researchers, the malware was used in a watering-hole attack on a South Korean paper reporting on activity and events related to North Korea.


News URL

https://www.bleepingcomputer.com/news/security/new-windows-malware-scans-victims-mobile-phones-for-data-to-steal/