On Wednesday, Researchers discovered that hackers from North Korea have been using clever ways to read and download emails and attachments from infected users’ Gmail and AOL accounts.
The malware, dubbed SHARPEXT by researchers from security firm Volexity, uses clever means to install a browser extension for the Chrome and Edge browsers, Volexity reported.
According to ArsTechnica, The extension cannot be identified by the email services, and since the browser has already been authenticated using any multifactor authentication protections in place, this rising popular security measure plays no role in curbing the account compromise.
Volexity says that the malware has been in use for over a year, and is the work of a hacking group the company tracks as SharpTongue.
The group is sponsored by North Korea’s government and overlaps with a group tracked as Kimsuky by other researchers. SHARPEXT is attacking organizations in the US, Europe, and South Korea, working upon nuclear weapons and other issues North Korea considers crucial to its national security.
Volexity President Steven Adair said in an email that the extension gets downloaded by way of spear phishing and social engineering where the victim is tricked into opening a malicious document.
