Security experts have discovered Dolphin, a piece of malware believed to originate from North Korean hacker groups.
According to research from cybersecurity company ESET, the hacker group APT 37 (also known as Reaper, Red Eyes, Erebus, and ScarCruft) used the malware to attack users. According to the report, the infection is carried out when the user connects a phone to a device running the Windows operating system.
The tool uses Python-based methods to search the victim's machine and then uploads sensitive information such as passwords and security credentials to Google Drive, where the hackers can easily access it. According to Bleeping Computer, the malware also collects password keystrokes, files with specific extensions, and screenshots.
The danger is that once it has infected a Windows device, Dolphin will also scan any removable storage connected through the Windows Portable Device API, the system Windows uses to identify Android or iPhone storage and USB flash drives. Once a phone is connected, Dolphin searches its storage for sensitive files and information.