A group of hackers supported by North Korea is using a malicious extension for Microsoft Edge and Google Chrome to steal emails from users of both browsers. The extension, named SHARPEXT by researchers at Volexity, supports three Chromium-based browsers and can steal emails from the Gmail accounts of individuals of interest.
Description of the SHARPEXT Browser Extension
Unlike other malicious extensions, SHARPEXT does not try to capture logins and passwords. Instead, it inspects and extracts data directly from a person's webmail account while the account is in use. The extension can extract data from AOL and Gmail.
SHARPEXT and SharpTongue
The researchers who reported the attack campaign attributed SHARPEXT to a North Korean threat actor they nicknamed SharpTongue. The group is known for targeting people who work for organizations in the United States, Europe, and South Korea.
According to researchers Paul Rascagneres and Thomas Lancaster, those targets work on topics related to North Korea, nuclear issues, weapons systems and other matters of strategic interest to North Korea.
These attacks are nothing new
Kimsuky's use of rogue browser extensions is nothing new. In 2018, a Chrome plugin was found in use as part of the Stolen Pencil campaign to steal documents from victims along with cookies and browser data.
The current attack is somewhat different, however, because it uses a tool called SHARPEXT to steal email data. This malware inspects and steals data directly from the victim's webmail account while it is in use.
The browsers targeted are Google Chrome, Microsoft Edge and Naver's Whale, and the malware is designed to collect information from Gmail and AOL sessions.
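Because the extension reads mail inside the logged-in session instead of stealing credentials, a useful defensive check is which installed extensions can reach those webmail pages at all. The Python sketch below is an added example, not code from Volexity or from the article. It audits Chromium extension manifests for host access to Gmail and AOL. The hostnames `mail.google.com` and `mail.aol.com`, the function names and the sample manifest are assumptions made for illustration.

```python
import json
from pathlib import Path

# Assumed webmail hosts for the two services the article names.
WEBMAIL_HOSTS = ("mail.google.com", "mail.aol.com")
PERMISSION_KEYS = ("permissions", "host_permissions",
                   "optional_permissions", "optional_host_permissions")

def pattern_covers_host(pattern, host):
    """True if a Chromium match pattern grants access to pages on `host`."""
    if pattern == "<all_urls>":
        return True
    scheme, sep, rest = pattern.partition("://")
    if not sep or scheme not in ("*", "http", "https"):
        return False  # API permission such as "tabs", or a non-web scheme
    pat_host = rest.split("/", 1)[0]
    if pat_host.startswith("*."):  # "*.aol.com" covers aol.com and subdomains
        base = pat_host[2:]
        return host == base or host.endswith("." + base)
    return pat_host in ("*", host)

def webmail_access(manifest):
    """Map each webmail host to the manifest patterns that reach it."""
    patterns = [p for key in PERMISSION_KEYS for p in manifest.get(key, [])
                if isinstance(p, str)]
    for script in manifest.get("content_scripts", []):
        patterns += script.get("matches", [])
    hits = {h: sorted({p for p in patterns if pattern_covers_host(p, h)})
            for h in WEBMAIL_HOSTS}
    return {h: matched for h, matched in hits.items() if matched}

def scan_extensions_dir(extensions_dir):
    """Audit every <profile>/Extensions/<id>/<version>/manifest.json file."""
    report = {}
    for path in Path(extensions_dir).glob("*/*/manifest.json"):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip it
        hits = webmail_access(manifest)
        if hits:
            report[path.parts[-3]] = hits  # key by extension ID directory
    return report

# Constructed sample manifest (not taken from any real extension).
SAMPLE = {"manifest_version": 2, "permissions": ["tabs", "https://mail.google.com/*"],
          "content_scripts": [{"matches": ["*://*.aol.com/*"], "js": ["c.js"]}]}
```

Point `scan_extensions_dir` at the `Extensions` folder of each Chrome, Edge or Whale profile. Extensions loaded unpacked from another folder do not live there, so review those separately on the browser's extensions page.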