Konni Android and Windows data-theft and remote-control campaign
Campaign
Summary
Hide ▲
Show ▼
The Konni operation was linked to a new Android and Windows campaign that blended spear-phishing with malware delivery to steal credentials and enable remote control. Attackers impersonated psychological counselors and North Korean human rights activists to spread a fake stress-relief program, then used stolen Google logins to abuse Find Hub for remote device resets and personal-data deletion. The activity was detected in early September 2025, showing the group is combining social engineering with legitimate account services to expand impact.
Related Happenings
Fake Gemini CLI and Claude Code SEO-poisoning infostealer campaign
Campaign
First: 22.05.2026 14:30
Last: 22.05.2026 14:30
Sources 1
About this happening:
**Cyber threat actors** ran a **malicious SEO-poisoning campaign** that impersonated **Google Gemini CLI** and **Anthropic Claude Code** to push malicious downloads. The operation...
Fake Gemini CLI and Claude Code SEO-poisoning infostealer campaign
CampaignAbout this happening: **Cyber threat actors** ran a **malicious SEO-poisoning campaign** that impersonated **Google Gemini CLI** and **Anthropic Claude Code** to push malicious downloads. The operation...
Bitter Middle East spear-phishing campaign targeting civil society figures
Campaign
First: 09.04.2026 13:45
Last: 09.04.2026 13:45
Sources 1
About this happening:
A **spear-phishing campaign** targeted **civil society figures in Middle Eastern countries**, including **three journalists in Egypt and Lebanon**, creating account-compromise ris...
Bitter Middle East spear-phishing campaign targeting civil society figures
CampaignAbout this happening: A **spear-phishing campaign** targeted **civil society figures in Middle Eastern countries**, including **three journalists in Egypt and Lebanon**, creating account-compromise ris...
Perseus Android malware family actively distributed in the wild
Malware Activity
First: 19.03.2026 14:43
Last: 19.03.2026 14:43
Sources 1
About this happening:
The **Perseus** **Android malware** family is being actively distributed in the wild, putting infected devices at risk of **device takeover** and **financial fraud**. It spreads t...
Perseus Android malware family actively distributed in the wild
Malware ActivityAbout this happening: The **Perseus** **Android malware** family is being actively distributed in the wild, putting infected devices at risk of **device takeover** and **financial fraud**. It spreads t...
Perseus Android note-stealing and remote-control malware activity
Malware Activity
First: 19.03.2026 12:13
Last: 19.03.2026 12:13
Sources 1
About this happening:
The **Perseus** Android malware is now being used to inspect user notes for secrets, creating theft risk for **passwords**, **recovery phrases**, and **financial data**. It is als...
Perseus Android note-stealing and remote-control malware activity
Malware ActivityAbout this happening: The **Perseus** Android malware is now being used to inspect user notes for secrets, creating theft risk for **passwords**, **recovery phrases**, and **financial data**. It is als...
Russian state-sponsored hackers' ongoing Signal and WhatsApp phishing campaign
Campaign
First: 09.03.2026 23:24
Last: 09.03.2026 23:24
Sources 1
About this happening:
An **ongoing Russian state-sponsored phishing campaign** is targeting **Signal** and **WhatsApp** users, with the **UK NCSC** warning on **March 31** that **Russia-based actors**...
Russian state-sponsored hackers' ongoing Signal and WhatsApp phishing campaign
CampaignAbout this happening: An **ongoing Russian state-sponsored phishing campaign** is targeting **Signal** and **WhatsApp** users, with the **UK NCSC** warning on **March 31** that **Russia-based actors**...
Timeline
-
10.11.2025 22:29 2 articles · 6mo ago
Konni Android and Windows data-theft and remote-control campaign
Initial DisclosureThe operation opened with **spear-phishing emails** and fake **stress-relief** lures that pushed malware onto victim computers, then spread through **KakaoTalk** sessions to contacts. That foothold enabled credential theft and later abuse of **Google Find Hub** for remote device resets.
Show sources
- Konni Hackers Turn Google’s Find Hub into a Remote Data-Wiping Weapon — thehackernews.com — 10.11.2025 22:29
- Konni Hackers Turn Google’s Find Hub into a Remote Data-Wiping Weapon — thehackernews.com — 10.11.2025 22:29