Cybersecurity researchers have discovered a new Windows malware strain that can steal sensitive data from an infected PC and from any mobile phone plugged into it, and that appears to be in use by a group associated with the North Korean government.
ESET researchers said they had come across a previously unknown backdoor, which they named Dolphin. According to ESET, Dolphin is used by the threat actor tracked as APT37 (ESET's name for the group is ScarCruft), which has known ties to the North Korean government and has been active for roughly a decade.
Dolphin was first spotted in April 2021 and has gained capabilities since. Today it can steal data from web browsers (saved passwords, credit card details and so on), take screenshots of the infected endpoint and log every keystroke.
Send everything to Google Drive
The malware polls a Google Drive account for its commands and uploads everything it collects to the same account, so its network traffic looks like ordinary cloud-storage use rather than a custom command-and-control channel.
Dolphin also gathers basic profiling information about the victim machine: the computer name, local and external IP address, the security products installed on the endpoint, hardware specifications, and the operating system version.
Beyond that, it searches all local and removable drives for files of interest (documents, emails, photos and videos, etc.) and extends the same search to any smartphone connected to the PC. ESET says the phone access is done through the Windows Portable Device (WPD) API, the same interface Windows Explorer uses to browse a connected phone's storage.
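Because Dolphin's command channel and exfiltration both go through the Google Drive API, blocking the destination is rarely practical; what stands out is which process is talking to the API. The following is an added example written for this article, not ESET's code or any detection ESET published. It parses a small constructed proxy log (a hypothetical format that records the originating process image, not any vendor's log schema) and flags Drive API requests from process images that are not on an allow-list of known Drive clients. The process names and paths in the sample log are made up.

```python
"""Hunt for Google Drive API traffic coming from unexpected processes."""
import re
from urllib.parse import urlparse

# Constructed sample log (hypothetical format):
#   <timestamp> <host> <process image path> <method> <url> <bytes_sent>
# The image path may contain spaces, so the HTTP method is used as the anchor.
SAMPLE_LOG = """\
2022-11-30T09:12:01Z WS01 C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe GET https://www.googleapis.com/drive/v3/files?q=trashed%3Dfalse 512
2022-11-30T09:12:07Z WS01 C:\\Program Files\\Google\\Drive File Stream\\GoogleDriveFS.exe POST https://www.googleapis.com/upload/drive/v3/files?uploadType=resumable 104857
2022-11-30T09:13:44Z WS01 C:\\Users\\jdoe\\AppData\\Roaming\\svc\\svchelper.exe GET https://www.googleapis.com/drive/v3/files?q=name%3D%27cmd.txt%27 480
2022-11-30T09:13:59Z WS01 C:\\Users\\jdoe\\AppData\\Roaming\\svc\\svchelper.exe POST https://www.googleapis.com/upload/drive/v3/files?uploadType=multipart 2097152
2022-11-30T09:20:10Z WS01 C:\\Windows\\System32\\svchost.exe GET https://login.live.com/ 300
2022-11-30T09:21:00Z WS02 C:\\Program Files\\Mozilla Firefox\\firefox.exe GET https://www.googleapis.com/drive/v3/about 200
this line is malformed and must be skipped
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<image>.+?) "
    r"(?P<method>GET|POST|PUT|PATCH|DELETE) (?P<url>\S+) (?P<bytes>\d+)$"
)

# Processes that are expected to talk to the Drive API in this (assumed) environment.
ALLOWED_DRIVE_CLIENTS = {"chrome.exe", "msedge.exe", "firefox.exe", "googledrivefs.exe"}


def is_drive_api(url: str) -> bool:
    """True for Google Drive REST and upload endpoints on www.googleapis.com."""
    u = urlparse(url)
    return u.hostname == "www.googleapis.com" and (
        u.path.startswith("/drive/") or u.path.startswith("/upload/drive/")
    )


def parse_log(text: str):
    """Yield one dict per well-formed log line; malformed lines are skipped."""
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if m:
            rec = m.groupdict()
            rec["bytes"] = int(rec["bytes"])
            yield rec


def image_basename(image: str) -> str:
    """Lower-cased file name of a Windows or POSIX style path."""
    return image.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def find_unexpected_drive_clients(text: str, allowed=ALLOWED_DRIVE_CLIENTS):
    """Aggregate Drive API activity per non-allow-listed process image.

    Returns {image_path: {"host", "requests", "uploads", "bytes_sent"}}.
    A process that both reads (polls for commands) and uploads is the
    pattern a Drive-backed backdoor produces.
    """
    findings = {}
    for rec in parse_log(text):
        if not is_drive_api(rec["url"]) or image_basename(rec["image"]) in allowed:
            continue
        f = findings.setdefault(
            rec["image"], {"host": rec["host"], "requests": 0, "uploads": 0, "bytes_sent": 0}
        )
        f["requests"] += 1
        f["bytes_sent"] += rec["bytes"]
        if rec["method"] in ("POST", "PUT", "PATCH") and urlparse(rec["url"]).path.startswith("/upload/"):
            f["uploads"] += 1
    return findings


if __name__ == "__main__":
    for image, f in find_unexpected_drive_clients(SAMPLE_LOG).items():
        print(f"{f['host']}: {image} -> {f['requests']} Drive API requests, "
              f"{f['uploads']} uploads, {f['bytes_sent']} bytes sent")
```

The allow-list is the weak point of this approach: a backdoor injected into an allow-listed browser process would pass unnoticed, so in practice the process image should be combined with a signer or hash check rather than the file name alone.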
So far, four different versions of the malware have been spotted in the wild, the most recent being version 3.0, dated January 2022.
North Korea is relatively active on the cybercrime front, with a number of large state-sponsored groups wreaking havoc in the digital world. Perhaps the most infamous example is the Lazarus Group, which stole roughly $600 million in cryptocurrency from the Ronin Network bridge in March 2022. Intelligence reports suggest that the North Korean government uses cybercrime to fund its operations.
Via: BleepingComputer