A sophisticated cross-platform attack bridges Windows PCs and Android devices, using Google's own service as a destructive tool.

Continue reading
Security researchers have uncovered a disturbing campaign by the North Korean threat actor APT37. The group is systematically stealing Google credentials from infected Windows computers to locate then remotely and factory reset victims' Android phones using Google's Find My Device service.
This is not an exploit of a software vulnerability. It is a calculated abuse of a legitimate cloud service, hinging entirely on the theft of user credentials. The attack demonstrates a sophisticated understanding of operational security, as the remote wipe is often timed for when the victim is physically separated from their device, delaying discovery and response.
The attack unfolds with precision across different platforms:
This campaign is notable for its hybrid nature. It doesn’t rely on mobile malware but instead uses a PC infection as a pivot point to attack mobile assets through the cloud. By compromising the central Google account, the attackers gain a powerful, legitimate tool for destruction.
The secondary propagation method—using the victim’s active KakaoTalk session on the infected PC to send malware to their contacts—adds a layer of social engineering that makes the campaign highly effective and self-spreading.
Since the core vulnerability is stolen credentials, the defense is straightforward but critical:
This incident serves as a stark reminder that mobile security is inextricably linked to PC and cloud account security. A breach on one platform can have immediate and devastating consequences on another.

148 malicious npm packages masquerading as student proxy and school Wi-Fi bypass tools. Rather than compromising developers during installation