North Korean hackers use new malware to compromise Gmail accounts

Researchers have unearthed never-before-seen malware that hackers from North Korea have been using to surreptitiously read and download email and attachments from infected users' Gmail and AOL accounts.
11 August 2022

The malware, dubbed SHARPEXT by researchers from security firm Volexity, uses clever means to install a browser extension for the Chrome and Edge browsers.

The extension can't be detected by the email services, because the browser has already been authenticated, including through any multifactor authentication protections in place.

The malware has been in use for well over a year, Volexity said, and is the work of a hacking group the company tracks as SharpTongue.

The group is sponsored by North Korea’s government and overlaps with a group tracked as Kimsuky by other researchers.

SHARPEXT is targeting organizations in the US, Europe, and South Korea that work on nuclear weapons and other issues North Korea deems important to its national security.

Volexity President Steven Adair said in an email that the extension gets installed by way of spear phishing and social engineering where the victim is fooled into opening a malicious document.

In its current incarnation, the malware works only on Windows, but Adair said there’s no reason it couldn’t be broadened to also infect browsers running on macOS or Linux.

- CyberBeat
