North Korean Hackers Using Malicious Browser Extension to Spy on Email Accounts

A group of North Korean hackers is using a rogue Microsoft Edge or Chrome plugin to track or access user email accounts.

Cybersecurity firm Volexity attributed the malware to an activity cluster it calls SharpTongue, which is said to share overlaps with an adversarial collective publicly referred to under the name Kimsuky.

Malicious Browser Extension

SharpTongue has a history of singling out people working for companies in the U.S., Europe, and South Korea who “work on subjects involving North Korea, nuclear issues, weapons devices, and other issues of strategic curiosity to North Korea,” researchers Paul Rascagneres and Thomas Lancaster stated.

Volexity has responded to numerous SharpTongue incidents over the past year and, in most cases, has found a malicious “SHARPEXT” Google Chrome or Microsoft Edge extension.

Targeted browsers include Google Chrome, Microsoft Edge, and Naver’s Whale browsers, with the mail-theft malware designed to harvest information from Gmail and AOL sessions.

The attack is hidden from the email provider by stealing email data in the context of a user’s already-logged-in session, making detection difficult.
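
Because the theft runs inside the browser session rather than against the provider, the endpoint is where a defender can look. The sketch below is an added example, not code from Volexity or from this article: it sweeps a directory of extension folders and reports those whose manifest host patterns reach the mail services named above. The two hostnames, the sample manifest and the folder passed to `audit` are assumptions.

```python
import json
import re
import sys
from pathlib import Path

# Assumed web-mail hosts for the two services the article names.
MAIL_HOSTS = ("mail.google.com", "mail.aol.com")
# Constructed sample manifest (not taken from any real extension).
SAMPLE = {"name": "demo", "manifest_version": 3, "permissions": ["tabs"],
          "host_permissions": ["https://*.google.com/*"],
          "content_scripts": [{"matches": ["*://mail.aol.com/*"]}]}

def pattern_covers(pattern, host):
    """True if an extension match pattern applies to https://<host>/."""
    if pattern == "<all_urls>":
        return True
    m = re.match(r"^(\*|https)://([^/]+)/", pattern)
    if not m:
        return False  # API name such as "tabs", other scheme, or malformed
    pat_host = m.group(2)
    if pat_host.startswith("*."):  # *.aol.com covers aol.com and subdomains
        return host == pat_host[2:] or host.endswith(pat_host[1:])
    return pat_host in ("*", host)

def mail_access(manifest):
    """Sorted mail hosts reachable through a manifest's host patterns."""
    patterns = list(manifest.get("permissions", []))  # MV2 mixes hosts and API names
    patterns += manifest.get("host_permissions", [])  # MV3 host access
    for script in manifest.get("content_scripts", []):
        patterns += script.get("matches", [])
    return sorted({h for h in MAIL_HOSTS for p in patterns
                   if isinstance(p, str) and pattern_covers(p, h)})

def audit(root):
    """Map each extension folder under root to the mail hosts it can reach."""
    root, findings = Path(root), {}
    for path in root.rglob("manifest.json"):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or not JSON: skip it, keep sweeping
        hosts = mail_access(manifest) if isinstance(manifest, dict) else []
        if hosts:
            findings[path.parent.relative_to(root).as_posix()] = hosts
    return findings

if __name__ == "__main__":
    print("sample:", mail_access(SAMPLE))
    for folder, hosts in audit(sys.argv[1]).items() if len(sys.argv) > 1 else []:
        print(folder, "->", ", ".join(hosts))
```

A hit only means the extension is permitted to run on those sites; the output is a list of extensions to review, not a verdict.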

While the tactics and tools used in the intrusions point to a North Korean hacking group called APT37, evidence gathered pertaining to the attack infrastructure suggests the involvement of the Russia-aligned APT28 (aka Fancy Bear or Sofacy) actor.

August 1st, 2022 (2022-08-01T17:32:03+05:30) | malicious cyber actors, Malicious extension, Malware, Security Advisory, Security Update

About the Author:

FirstHackersNews- Identifies Security
