These malicious Google Chrome extensions could let hackers steal your Gmail messages

North Korean hackers target high-level victims with Google Chrome scheme

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

A malicious browser extension for Chrome and other Chromium-basedbrowserscapable of stealing the contents of your Gmailemailaccount has been discovered by security researchers.

Themalwarecampaign was spotted by two national security agencies - the German Federal Office for the Protection of the Constitution, and the National Intelligence Service of the Republic of Korea.

These two agencies issued a joint statement, warning about the campaign, urging people to be vigilant, but particularly diplomats, journalists, university professors, politicians, and government employees, who are all reportedly the main targets.

Delivered via phishing

AF is aGoogleChrome add-on distributed by a threat actor known as Kimsuky (or Thallium). This threat actor is based in North Korea, the two agencies claim, and allegedly targets high-profile individuals in their cyber-espionage programs.

While initially focused on South Korean targets, Thallium recently expanded its target list into Europe, and the United States.

AF is delivered to its victims viaphishing. The group would send out the usual “urgent” email, telling the victim to download the add-on on theirendpoint. If installed, the malware won’t show up in the list of add-ons on Chrome, and will only be visible in the extension list. Once installed, it only takes one visit to Gmail for the add-on to run and extract all of its activities.

North Korean government hackers found using ransomware for the first time>North Korean hackers target phones, Windows devices with new malware>These are the best ID theft protection services right now

Kimsuky seems to be a state-sponsored actor focused on cyber-espionage and intelligence gathering. According to CISA, the group has been active for more than a decade.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

In 2015, it was accused of stealing sensitive data from Korea Hydro & Nuclear Power, and four years later, in 2019, it was accused of targeting retired South Korean diplomats, military and government officials. Two years ago, Kimsuky was accused of lurking in the internal networks belonging to the Korea Atomic Energy Research Institute.

Via:BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Nokia confirms data breach leaked third-party code, but its data is safe

Rising AI threats are making firms turn back to human intelligence

3 reasons why PIA fell in our best VPN rankings