A group of hackers supported by North Korea, is using a malicious extension for Microsoft Edge and Google Chrome to steal emails from users of both browsers. The extension, known as SHARPEXT by Volexity researchers, supports three Chromium-based browsers and has the ability to steal emails from the Gmail accounts of individuals of interest.
Read more: Good Hackers: competition taking place in Rio de Janeiro is open for registration
see more
Alert: THIS poisonous plant landed a young man in the hospital
Google develops AI tool to help journalists in…
Description about SHARPEXT Browser Extension
Unlike other damaged extensions, SHARPEXT does not search for logins and passwords. Instead, the threat can inspect and extract data directly from a person's webmail account while it is being used. The extension can extract data from AOL and Gmail.
SHARPEXT and Sharp Tongue
Researchers who provided information about the attack campaign attributed SHARPEXT to a North Korean threat actor they dubbed Sharp Tongue. She is well known for her ability to identify hackers who support organizations in the United States, Europe and South Korea.
According to researchers Paul Rascagneres and Thomas Lancaster, the objective was to work on themes related to North Korea, nuclear issues, weapons systems and other strategic interests for the North Korea.
These attacks are nothing new to anyone.
There's no denying that using browser extensions not authorized by Kimsuky is nothing new. In 2018, it was discovered that a Chrome plugin was being used as part of the Stolen Pencil campaign to steal victims' documents and steal cookies and browser data.
However, the current attack is a little mixed up as it makes use of a tool called Sharpext to steal email information. This malware inspects and steals data directly from the victim's webmail account during use.
It is important to note that the sites being hacked are Google Chrome, Microsoft Edge and Naver's Whale, and email phishing virus aims to collect Gmail session information and AOL.
