TechFlow, November 11 — Security researchers have discovered that the North Korean hacking group KONNI has developed a new attack method, exploiting Google's Find Hub asset tracking feature to remotely erase data from Android devices.
The attackers posed as psychotherapists and human rights activists, distributing malicious software named "Stress Relief Program" via South Korea's KakaoTalk messaging platform. Once victims executed these files, the attackers stole Google account credentials and used the Find Hub feature to track device locations and perform remote resets, resulting in personal data deletion.
This attack has been identified as a follow-up operation of the KONNI APT campaign, a group closely linked to North Korean government-backed organizations Kimsuky and APT37. Security experts advise users to strengthen account security, enable two-factor authentication, and remain cautious about files received through instant messaging tools.
