Beware! Hackers using Gmail and Microsoft Edge extensions to leak information, Check details
“This performer, who goes by the name Kimsuky frequently in public, is thought to be of North Korean descent. Threat intelligence analysts disagree on the exact description of what constitutes Kimsuky “a statement by the cybersecurity experts stated.
A group of North Korean hackers is using a malware Microsoft Edge or Chrome plugin to track or access user email accounts. As per the cybersecurity company Volexity, the malicious extension has been created by the hacker that is collectively known as “SharpTongue”. The company is capable of capturing email content from AOL and Gmail. “This performer, who goes by the name Kimsuky frequently in public, is thought to be of North Korean descent. Threat intelligence analysts disagree on the exact description of what constitutes Kimsuky “a statement by the cybersecurity experts stated.
Volexity has responded to numerous SharpTongue events over the past year and, in most cases, has found a malicious “SHARPEXT” on Google Chrome or Microsoft Edge extension. People working for companies in the US, Europe, and South Korea who work on issues pertaining to North Korea, nuclear issues, weapons systems, and other themes of strategic significance to North Korea are being targeted and victimized by SharpTongue. The researchers said, “Since its discovery, the extension has evolved and is currently at version 3.0, based on the internal versioning system. It supports three web browsers and theft of mail from both Gmail and AOL webmail.”
Volexity has responded to numerous SharpTongue events over the past year and, in most cases, has found a malicious “SHARPEXT” Google Chrome or Microsoft Edge extension. The attack is camouflaged from the email provider by stealing email data while a user is already logged in, making detection extremely difficult. In a similar manner, the extension’s functionality means that even if a user were to visit their email “account activity” status page, suspicious type of behavior would not be recorded there, according to the cybersecurity firm.