Windows spyware from North Korea steals data from your phone

Information security usually focuses on a single device, at least as far as consumers are concerned. But in an increasingly connected world, it might be worth re-examining that approach. Case in point: a newly discovered piece of malware in use by state-sponsored hacking groups. Private security company ESET found that the tool, once established on a Windows PC, will search the storage of any phone connected for even more information to steal.

The “Dolphin” malware is connected to multiple spyware and digital espionage groups believed to be working for the government of North Korea, primarily for the purposes of gathering information on South Korea and other Asian governments and industrial interests. It’s being deployed to specific targets. The tool uses fairly standard Python-based methods of searching a victim’s machine, then uploading sensitive information like passwords and other security credentials to a Google Drive account, where hackers can easily retrieve it. It also collects keystrokes for passwords, targeted extension files, and screenshots. The ESET report was spotted by BleepingComputer.

What’s interesting is the expanded hardware scope. Once installed on a Windows device, the Dolphin program will also scan any portable storage connected via the Windows Portable Device API. This is the system that recognizes an Android or iPhone’s storage as different from, say, a USB flash drive. Upon connection, Dolphin performs the same search for sensitive information and files on the phone’s storage. It doesn’t appear that there’s a means of actively compromising a phone once it’s physically disconnected from the PC.

So far, Dolphin is being deployed in “watering hole” attacks, which infect websites frequented by high-profile users connected to governments, banks, and other potential high-level targets. It indicates that it’s being used to target specific users or groups with access to valuable data or systems. In other words, this isn’t the kind of infection you get from downloading a sketchy browser extension. Even so, it’s a sobering reminder that the data storage on your phone isn’t any more or less secure than that on your PC…and both can become points of vulnerability to the other.
Security