North Korean spyware for Windows steals data from your phone

At least from the perspective of the average customer, most efforts to secure sensitive data are directed at a specific gadget. But in today’s interconnected world, a fresh look at that strategy may be in order. For instance, a new piece of malware used by hackers working for state-sponsored organisations was recently discovered. Once installed on a Windows computer, the programme will scour the internal memory of any connected phone for additional sensitive data, according to private security firm ESET.

The “Dolphin” malware is linked to several spyware and digital espionage organisations alleged to be working for the North Korean government to collect intelligence on South Korean and other Asian governments and economic interests. It’s being sent to strategic locations. The application searches the victim’s computer and uploads whatever sensitive data it finds, including passwords and other security credentials, to a Google Drive account from which the hackers may retrieve it. Not only does it record password input, but it also stores screenshots and files with certain extensions. BleepingComputer was the first to notice the ESET report.

What’s intriguing is the broader hardware focus. Once Dolphin is installed on a Windows machine, it automatically scans any external storage connected through the Windows Portable Device API. This is the mechanism that distinguishes mobile device storage from, say, a USB flash drive. Dolphin performs a similar search when a phone is connected, looking through the phone’s storage for any private data or files. Physically separating a phone from a computer seems to render it immune to active compromise.

Dolphin is currently being used in “watering hole” attacks, which infect websites frequented by high-profile users with connections to governments, banks, and other potentially high-level targets, indicating that its use is restricted to a select few targets with access to sensitive information or resources. In other words, this isn’t the type of malware you get by installing a shady browser plugin. Still, it serves as a sobering reminder that your phone’s storage is no more or less secure than your computer’s: each has the potential to serve as a weak spot for the other.