North Korean hacker group KONNI uses Google Find Hub feature for the first time to remotely wipe data from Android devices
ChainCatcher reported that security researchers have discovered a new attack method developed by the North Korean hacker group KONNI, which for the first time uses Google's Find Hub asset tracking feature to carry out remote data wipe attacks on Android devices.
The attackers disguised themselves as psychological counselors and human rights activists, distributing malware called "Stress Relief Program" via the KakaoTalk communication platform in South Korea. Once victims execute these files, the attackers steal Google account credentials, use the Find Hub feature to track device locations, and perform remote resets, resulting in the deletion of personal data.
This attack has been confirmed as a follow-up to the KONNI APT campaign, which is closely linked to the North Korean government-backed Kimsuky and APT 37 groups. Security experts recommend that users strengthen account security, enable two-factor authentication, and remain vigilant about files received through instant messaging tools.
