Information security usually focuses on a single device, at least as far as consumers are concerned. But in an increasingly connected world, it might be worth re-examining that approach. Case in point: a newly discovered piece of malware in use by state-sponsored hacking groups. Private security company ESET found that the tool, once established on a Windows PC, will search the storage of any connected phone for even more information to steal.
The “Dolphin” malware is connected to multiple spyware and digital espionage groups believed to be working for the government of North Korea, primarily for the purposes of gathering information on South Korea and other Asian governments and industrial interests. It’s being deployed to specific targets. The tool uses fairly standard Python-based methods of searching a victim’s machine, then uploading sensitive information like passwords and other security credentials to a Google Drive account, where hackers can easily retrieve it. It also collects keystrokes for passwords, files with targeted extensions, and screenshots. The ESET report was spotted by BleepingComputer.
What’s interesting is the expanded hardware scope. Once installed on a Windows device, the Dolphin program will also scan any portable storage connected via the Windows Portable Device API. This is the system that recognizes an Android or iPhone’s storage as different from, say, a USB flash drive. Upon connection, Dolphin performs the same search for sensitive information and files on the phone’s storage. It doesn’t appear that there’s a means of actively compromising a phone once it’s physically disconnected from the PC.
So far, Dolphin is being deployed in “watering hole” attacks, which infect websites frequented by high-profile users connected to governments, banks, and other potential high-level targets. This indicates that it’s being used to target specific users or groups with access to valuable data or systems. In other words, this isn’t the kind of infection you get from downloading a sketchy browser extension. Even so, it’s a sobering reminder that the data storage on your phone isn’t any more or less secure than that on your PC… and both can become points of vulnerability to the other.