
“To prevent the unauthorized abuse of remote wipe features through compromised Google accounts, service providers should review and implement real-time security verification measures, such as additional authentication processes that confirm the legitimate device owner,” researchers recommended.
The social engineering link
The threat continues beyond device wiping, with attackers distributing malware by compromising KakaoTalk accounts of trusted contacts.
GSC found that malicious files disguised as “stress-relief programs” were sent to close contacts via the messenger. “Among the victims was a professional psychological counselor who supports North Korean defector youths during resettlement by addressing psychological difficulties and providing services such as career guidance, educational counseling, and mentoring to help stabilize their well-being,” researchers added.
While one attack vector used device neutralization to disable alerts, the other launched the malware distribution via compromised chat accounts. GSC called this mix unprecedented among known state-sponsored APT actors and said it shows the attacker’s “tactical maturity and advanced evasion strategy”.
