North Korean state-sponsored hackers have found a new way to turn a trusted Android feature into a cyber weapon — here’s what happened, and how to protect yourself.
In a worrying twist for Android users, cybersecurity researchers have uncovered a new campaign in which hackers are exploiting Google’s Find Hub — a legitimate tool designed to help people locate and secure lost devices — to remotely track and wipe victims’ phones and tablets.
The attack, attributed to North Korean state-backed cybercriminals, was detailed by South Korean security firm Genians. Its investigation revealed that the attackers gained access to victims’ Google accounts by first compromising their Android devices via malicious files sent through KakaoTalk, a popular messaging app in Asia.
How the Find Hub Hack Worked
Once the victims opened these booby-trapped files, hidden scripts installed secondary malware that quietly monitored system activity and harvested login credentials from multiple apps and services. With stolen Google account information in hand, the attackers were then able to log in to Google Find Hub — and use its legitimate tracking and remote wipe functions to their own advantage.
According to Genians, this is the first confirmed case of a state-sponsored group using Find Hub to take remote control of Android devices, allowing them to track victims’ movements, reset phones, and even spy via the webcam.
“While Find Hub is intended to safeguard Android devices, this is the first confirmed case in which a state-sponsored threat actor obtained remote control by compromising Google accounts,” Genians explained in its report.
Not a Google Flaw — But a Wake-Up Call
Google responded to the report, clarifying that this attack did not exploit any direct flaw in Android or Find Hub itself. Instead, it relied on stolen credentials — meaning that users with weak or reused passwords were particularly at risk.
“The attack required PC malware to be present in order to steal Google account credentials and abuse legitimate functions in Find Hub,” Google said in a statement. The company also reiterated its recommendation for users to enable two-step verification or passkeys for stronger protection against credential theft.
Those facing higher risks — such as journalists, activists, or public figures — are encouraged to enroll in Google’s Advanced Protection Program, which offers extra safeguards against targeted attacks.
What This Means for Android Users
This incident highlights a growing concern in cybersecurity: the misuse of legitimate cloud-based tools. Rather than exploiting new software bugs, threat actors are increasingly turning to account hijacking and social engineering to weaponize trusted services like Find Hub, Apple’s “Find My,” or even Microsoft’s remote management tools.
The takeaway? The weakest link isn’t always the app — it’s often the user’s credentials. Protecting them is key to digital safety in 2025 and beyond.
How to Protect Yourself
- Enable two-factor authentication (2FA) or passkeys on your Google account.
- Use unique, complex passwords for every online service.
- Regularly review account activity and revoke access for unfamiliar devices.
- Be wary of unsolicited files or messages on apps like KakaoTalk or WhatsApp.
- Keep your Android device and antivirus software up to date to minimize vulnerabilities.
Genians has also recommended that Google consider adding an additional security layer — such as biometric verification or PIN confirmation — before executing sensitive commands like remote wipes.
The Bigger Picture: Privacy vs. Convenience
As more of our devices become interconnected through cloud-based security services, the same systems that make recovery simple can also make breaches catastrophic. This incident is a reminder that cybersecurity is no longer just about firewalls and patches — it’s about digital hygiene, vigilance, and human behavior.
So, the next time you rely on “Find My Device” or similar services, take a moment to double-check your account security settings. Because as this latest hack shows, even the tools meant to protect us can be turned against us.
What do you think? Should companies like Google add more security friction to protect users — or would that make essential tools like Find Hub less convenient?