Cybersecurity researchers have discovered new file-stealing malware for Windows that is capable of stealing sensitive data from any connected device, including mobile phones, and appears to be used by groups linked to the North Korean government.
Experts from ESET said they had found a previously unknown backdoor named Dolphin. Dolphin is apparently being used by a threat actor known as APT37, or Erebus, a group with known ties to the North Korean government. Researchers say the group has been active for nearly a decade.
Dolphin was first spotted in April 2021, but has since evolved into quite the beast. Nowadays it can steal information from web browsers (stored passwords, credit card data, etc.), take screenshots of infected endpoints, and log all keystrokes.
Send everything to Google Drive
The malware gets its commands from a Google Drive instance and sends all the collected information there as well.
Besides all this, Dolphin also collects information such as the computer's name, local and external IP addresses, installed endpoint security solutions, hardware specifications, and OS version.
Moreover, it scans all local and removable drives for sensitive data (documents, emails, photos, videos, etc.), as well as connected smartphones. ESET says this is made possible through the Windows Portable Device API.
So far, four different versions of the malware have been spotted in the wild, with the most recent version, 3.0, released in January 2022.
North Korea is relatively active on the cybercrime scene, with two major state-sponsored groups wreaking havoc throughout the digital world. Perhaps the most famous example is Lazarus Group, which managed to steal about $600 million from cryptocurrency firm Ronin Bridge. Intelligence reports indicate that the North Korean government is using cybercriminals’ devices to fund its operations.