Security experts are warning of malware that hides in browser extensions and spies on emails in Gmail or AOL accounts. It is used by a North Korean hacker group that seeks to steal sensitive data, according to a report from Hackernews. Kimsuky, a threat group backed by North Korea’s regime, uses a malicious browser extension to spy on victims’ emails.
Security researchers at Volexity discovered the campaign, which is called Sharpext. The hackers target Chromium-based browsers such as Google Chrome, Microsoft Edge and Whale. They have created manipulated extensions that give them access to their victims’ email accounts.
These extensions are not simply offered for download to hit random victims. The hackers install the extension on computers they have already compromised. The add-on is installed after the browser’s preferences and security preferences files are replaced. Developer mode hides the extension’s execution.
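A defender-side check for the installation path described above, as an added example that is not from the article or from Volexity: it reads the JSON of a Chromium `Preferences` or `Secure Preferences` file and lists extensions that were loaded from a local folder instead of a store. The key layout (`extensions.settings`, `location` values 4 and 8, `extensions.ui.developer_mode`) follows Chromium's own file format and is not stated in the article; the sample profile and extension ids are constructed.

```python
import json

# Chromium Manifest::Location values (Chromium's format, an assumption
# relative to the article, which does not describe the file layout).
UNPACKED = 4       # loaded from a local folder ("Load unpacked")
COMMAND_LINE = 8   # loaded with --load-extension

def audit_extensions(prefs_text):
    """Report developer mode and extensions that did not come from a store."""
    prefs = json.loads(prefs_text)
    ext = prefs.get("extensions", {})
    sideloaded = []
    for ext_id, entry in ext.get("settings", {}).items():
        if entry.get("location") in (UNPACKED, COMMAND_LINE):
            manifest = entry.get("manifest", {})
            sideloaded.append({
                "id": ext_id,
                "location": entry["location"],
                "path": entry.get("path", ""),
                "name": manifest.get("name", ""),
                "permissions": manifest.get("permissions", []),
            })
    dev_mode = bool(ext.get("ui", {}).get("developer_mode", False))
    return {"developer_mode": dev_mode, "sideloaded": sideloaded}

# Constructed sample profile: one store extension, one unpacked extension.
SAMPLE = json.dumps({
    "extensions": {
        "ui": {"developer_mode": True},
        "settings": {
            "a" * 32: {"location": 1, "path": "a" * 32 + "\\1.0_0",
                       "manifest": {"name": "Store extension"}},
            "b" * 32: {"location": UNPACKED,
                       "path": "C:\\Users\\example\\AppData\\Roaming\\ext",
                       "manifest": {"name": "Unknown helper",
                                    "permissions": ["tabs", "webRequest"]}},
        },
    }
})

if __name__ == "__main__":
    print(json.dumps(audit_extensions(SAMPLE), indent=2))
```

On a managed fleet, an unpacked extension with an absolute path outside the browser's own `Extensions` directory, combined with developer mode being enabled on a non-developer workstation, is worth a closer look.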
Spying on AOL accounts and Gmail accounts
To compromise victims’ AOL and Gmail accounts, the attackers use modified VBS scripts. The malicious extension is then installed in the background. Volexity researchers explained that the malware inspects and filters data from victims’ webmail accounts as they browse them. The extension was discovered in 2003 and has since evolved to version 3.0. The version number is based on an internal versioning system.
Now, the malicious extension is able to evade detection. The extension waits until the victim has logged in to their email account. Because of this, no access to the account from an unauthorized location takes place, which could otherwise raise security flags at the email provider. You won’t receive any warnings regarding suspicious activity. The hackers can also read your emails undisturbed, steal data, or even use the accounts for malware.