Beware! Hackers use these malicious extensions to spy on you
A group of North Korean hackers is using a rogue Microsoft Edge or Chrome plugin to track or access user email accounts.
According to cybersecurity company Volexity, the malicious extension created by the hacker collective known as “SharpTongue” is capable of capturing email content from AOL and Gmail.
“This performer, who goes by the name Kimsuky frequently in public, is thought to be of North Korean descent. Threat intelligence analysts disagree on the exact description of what constitutes Kimsuky,” the cybersecurity researchers said in a statement.
People employed by companies in the US, Europe, and South Korea who work on subjects pertaining to North Korea, nuclear issues, weapons systems, and other themes of strategic significance to North Korea are being targeted and victimised by SharpTongue.
Volexity has responded to numerous SharpTongue events over the past year and, in most cases, has found a malicious “SHARPEXT” Google Chrome or Microsoft Edge extension.
According to its internal versioning system, the extension has changed since its discovery and is now at version 3.0. The researchers said it can steal messages from Gmail and AOL webmail and supports three web browsers.
Because the extension steals email data from within the user’s already-logged-in session, the attack is hidden from the email provider, making detection difficult.
Similarly, the way the extension works means that suspicious activity would not be logged in a user’s email “account activity” status page if they reviewed it, according to the cybersecurity firm.