Rita El Khoury / Android Authority
TL;DR North Korean hackers have apparently used Google’s Find Hub to remotely track and wipe victims’ devices.
A cybersecurity firm said the hackers initially compromised devices by sending malicious files via KakaoTalk.
It’s recommended that you enable two-factor authentication on your Google account and regularly change your password.
It’s not uncommon for hackers to turn your favorite apps and services against you, and it turns out cybercriminals are abusing Google Find Hub to remotely track and wipe victims’ Android phones and tablets.
Security firm Genians (h/t: Bleeping Computer) reports that North Korean state-backed hackers were compromising victims’ Android devices by using malicious files sent via the KakaoTalk chat app. The malicious scripts would then lie dormant on a user’s device, while also installing additional scripts to monitor and control the system. This way, the cybercriminals are able to harvest credentials for a variety of accounts and services.
Don’t want to miss the best from Android Authority? Set us as a favorite source in Google Discover to never miss our latest exclusive reports, expert analysis, and much more.
to never miss our latest exclusive reports, expert analysis, and much more. You can also set us as a preferred source in Google Search by clicking the button below.
The hackers were indeed able to use Google credentials harvested in this manner to gain access to the Find Hub tracking suite. From here, they remotely tracked victims’ locations and repeatedly reset their Android devices.
“While Find Hub is intended to safeguard Android devices, this is the first confirmed case in which a state-sponsored threat actor obtained remote control by compromising Google accounts, then used the service to perform location tracking and remote wipe,” Genians explained.
... continue reading