Security researchers have discovered unprecedented malware used to secretly read and download the contents of Gmail and AOL accounts.
North Korean hackers are using unprecedented methods to bypass Google’s email security measures, allowing them to read or download messages and attachments in Gmail accounts without Google noticing. According to a blog post by the cybersecurity company Volexity, simple browser extensions are used to steal mail data, and the sophisticated attacks are said to target users in the United States, Europe and South Korea.
While this type of so-called phishing attack used to prompt users to actively cooperate by downloading prepared browser extensions, this is no longer necessary in the current attacks, as the malware can be downloaded onto computers without the victims’ knowledge. What’s even more frightening is that even Google (or Microsoft) browsers don’t detect the intrusion. The malware itself has been constantly evolving since its discovery, and according to Volexity it is already in its third version.
Right now, they don’t care about anyone
Speaking to Ars Technica, the company explained that the current iteration of the program, called SHARPEXT, only affects Windows users, but there is no reason to assume that macOS or Linux users will be permanently excluded from this point on. Volexity alleges that the hacker group, referred to as Kimsuky or SharpTongue, operates under the auspices of the North Korean state, and that through SHARPEXT it monitors individuals at US, European or South Korean organizations working on issues affecting North Korea’s strategic interests.
Volexity estimates that the extension may have been so successful so far that attackers have stolen thousands of emails from multiple victims by installing the malware, according to records obtained by the security vendor. This is supported by the fact that when SHARPEXT first came out it was still an immature tool with many bugs, but the latest updates and constant maintenance show that attackers are achieving their goals with it and that it is worth their while to keep improving the code.