North Korea-Backed Hackers Launch Sophisticated Malware Attack Targeting Smartphones and PCs: Report

Seoul — A hacking group linked to North Korea has reportedly deployed a new form of cyberattack that allows remote control of Android smartphones and personal computers (PCs), enabling the deletion of crucial user data such as photos, documents, and contact information, according to a new report.

The attackers, believed to be associated with the Pyongyang-backed groups Kimsuky or APT37, infiltrated victims’ devices using malware distributed through KakaoTalk, a popular South Korean messaging app. Once infected, the malware enabled the theft of Google account credentials and data from major South Korean IT platforms, the Genians Security Center (GSC) said in its findings.

According to the Yonhap news agency, the hackers used Google’s location-tracking system to determine when victims were away from home or work before remotely resetting their smartphones. This not only disabled the devices but also blocked notifications and alerts, effectively isolating victims and delaying detection and response.

As a result, all stored data — including photos, documents, and contacts — was permanently erased.

The attackers reportedly went a step further by distributing additional malware disguised as “stress relief programs” through infected PCs and tablets at victims’ homes or offices.

The GSC also suggested that the hackers may have activated webcams on compromised computers to monitor whether victims were physically present, hinting at possible real-time surveillance through hijacked devices.

The institute described this dual strategy — combining device neutralization with account-based propagation — as “unprecedented” in North Korean cyber operations.

“This demonstrates the attackers’ growing tactical sophistication and refined evasion techniques,” the GSC noted. “It marks a critical turning point in the evolution of advanced persistent threat (APT) tactics.”

APT attacks refer to long-term, highly coordinated cyber intrusions typically aimed at espionage or strategic disruption.

The report emerges amid heightened tensions on the Korean Peninsula. Just days earlier, South Korea’s defence ministry condemned North Korea’s latest suspected ballistic missile launch, urging Pyongyang to halt actions that escalate regional instability.

“We strongly condemn the North’s recent missile launch and express deep regret over its criticism of South Korea–U.S. joint exercises,” the ministry said in a statement, calling on the North to “immediately stop all acts that heighten tensions.”

On Friday, North Korea fired a short-range ballistic missile into the East Sea, a day after threatening retaliation against new U.S. sanctions on Pyongyang.

With inputs from IANS