Windows malware searches your phone to exploit data

Published December 5, 2022
Author: Ash Khan

Malware will also look for any other removable device.

Cybersecurity experts have uncovered a new malware strain for Windows that can collect sensitive data from any connected device, including mobile phones, and is reportedly being used by organizations linked to the North Korean government.

Experts at ESET claim to have discovered Dolphin, a previously unknown information stealer. Dolphin appears to be employed by APT 37, or Erebus, a threat actor with established links to the North Korean government. According to the researchers, the organization has been operating for around a decade.

Dolphin was discovered in April 2021, but it has since grown into quite the beast. It can now steal passwords stored in web browsers, so your Google Workspace and Microsoft Office 365 passwords are not secure anymore. If you have a website or an eBay store, that information can also be stolen, as can credit card details. Not only can it take pictures of all information, it can also log all keystrokes.

Dolphin malware and its mechanism

Dolphin.exe is an executable file that belongs to the Dolphin.exe process, which is included with software made by the software provider.

If the Dolphin.exe process in Windows 10 is critical, you should exercise caution when removing it. Dolphin.exe may occasionally consume an excessive amount of CPU or GPU power. It is possible that malware or a virus is executing in the background.

The .exe extension of the Dolphin.exe file indicates that it is an executable file for Windows operating systems such as Windows XP, Windows 7, Windows 8, and Windows 10.

Malware and viruses can also be distributed via exe files. As a result, we must exercise caution before executing any unfamiliar executable file on our PCs or laptops. On my Windows machine, I’ve also had problems with malware disguised as exe files.

Now we’ll see if the Dolphin.exe file contains any viruses or malware. Should it be erased to keep your PC safe? Continue reading for more information.

Sending everything to Google Drive

The virus receives its orders from a Google Drive instance and delivers all acquired intelligence there as well.
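One way to hunt for the Google Drive command channel described above is to flag processes outside an allowlist that connect to Drive hosts. This is an added example, not code from the article or from ESET's research. The JSON event shape (modelled on the `Image` and `DestinationHostname` fields of Sysmon network-connection events), the allowlist paths and the sample log lines are constructed assumptions.

```python
import json
from collections import Counter

# Hosts used for Google Drive web and API traffic. www.googleapis.com also
# serves other Google APIs, so a hit is a lead to investigate, not a verdict.
DRIVE_HOSTS = ("drive.google.com", "www.googleapis.com")

# Assumption: site policy naming the only binaries expected to reach Drive.
# Full lower-cased paths, because a bare file name is trivially spoofed.
ALLOWED_IMAGES = {
    r"c:\program files\google\chrome\application\chrome.exe",
    r"c:\program files (x86)\microsoft\edge\application\msedge.exe",
}

# Constructed sample events, one JSON object per line (not real telemetry).
SAMPLE_LOG = r"""
{"Image": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe", "DestinationHostname": "drive.google.com"}
{"Image": "C:\\Users\\alice\\AppData\\Roaming\\chrome.exe", "DestinationHostname": "www.googleapis.com"}
{"Image": "C:\\Users\\alice\\AppData\\Roaming\\chrome.exe", "DestinationHostname": "www.googleapis.com"}
{"Image": "C:\\Windows\\System32\\svchost.exe", "DestinationHostname": "update.example.net"}
{"Image": "C:\\ProgramData\\helper.exe", "DestinationHostname": "drive.google.com"}
"""

def is_drive_host(host):
    """True for a Drive host or a subdomain of one (case-insensitive)."""
    host = host.lower().rstrip(".")
    return any(host == h or host.endswith("." + h) for h in DRIVE_HOSTS)

def unexpected_drive_clients(log_text, allowed=ALLOWED_IMAGES):
    """Return [((image, host), count), ...] for non-allowlisted Drive clients."""
    hits = Counter()
    for line in log_text.splitlines():
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank or malformed line
        if not isinstance(ev, dict):
            continue
        image = str(ev.get("Image", ""))
        host = str(ev.get("DestinationHostname", ""))
        if is_drive_host(host) and image.lower() not in allowed:
            hits[(image, host.lower())] += 1
    return sorted(hits.items(), key=lambda kv: -kv[1])

if __name__ == "__main__":
    for (image, host), count in unexpected_drive_clients(SAMPLE_LOG):
        print(f"{count:3d}  {image}  ->  {host}")
```

The second sample event shows why the allowlist holds full paths: a binary named chrome.exe running from a user profile directory is still reported.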

Dolphin also collects data such as your computer’s name, local and external IP address, security solutions installed on the endpoint, hardware specifications, and operating system version.

Furthermore, it checks all local and portable disks, as well as cellphones, for sensitive data such as documents, emails, photographs and videos. According to the security service website, this was made feasible through the Windows Portable Device API.

So far, four versions of the virus have been discovered by the public, with the most recent, version 3.0, published in January 2022.

North Korea is relatively active in cybercrime, with a few large state-sponsored gangs wreaking havoc on the internet. The most well-known example is Lazarus Group, which stole $600 million from cryptocurrency startup Ronin Bridge. According to intelligence assessments, the North Korean government is using cybercriminal organizations to pay for its operations.