Cybersecurity firm Volexity claims that North Korean hackers are breaking into email accounts with the help of browser extensions that are packed with malicious content but are still available for the Chromium browser. The tools are able to spy on the content of emails linked to Gmail and AOL accounts.
Understand the situation
Volexity attributes the intrusions to an activity cluster it calls SharpTongue. According to the company, the cluster overlaps with the collective publicly known as Kimsuky.
It's not the first time SharpTongue has attacked. Researchers Paul Rascagneres and Thomas Lancaster maintain that the cluster often breaks into the electronic devices of individuals or major organizations linked to the United States, Europe and South Korea.
The intention is to obtain strategic information on nuclear issues, weapons and other topics that North Korea considers essential to know about, even if it has to be acquired illegally.
Malware targets different browsers
Hackers working to protect North Korean interests use the Sharpext extension to gain unauthorized access to email and data held on victims’ computers.
The malware works stealthily and extracts data from people’s email while they are using their computer. In addition to Google Chrome, Microsoft Edge and Naver’s Whale browsers were also hit.
The hackers first compromise a victim's computer and then install the malware in the form of a malicious browser extension. A further step is carried out with the help of the DevTools panel, a Chrome tool for developers.
While the malware steals victims' email data, it also hides the browser's notifications about developer-mode extensions from the user. For this reason, detecting the intrusion is difficult.
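Because the warning about developer-mode extensions is hidden from the user, a defender has to look at the browser profile on disk instead. The script below is an added example, not code from Volexity or from the article: it lists extensions a Chromium-based profile has loaded from a local folder and shows whether each one registers a DevTools page. The preference keys and location codes reflect Chromium's profile format as an assumption, and the sample profile is constructed.

```python
import json, tempfile
from pathlib import Path

# Chromium Manifest::Location values for extensions loaded from a local folder.
SIDELOADED = {4: "unpacked", 8: "command_line"}

def load_prefs(profile: Path) -> dict:
    """Merge the 'extensions' section of both preference files in a profile."""
    merged = {"settings": {}, "ui": {}}
    for name in ("Preferences", "Secure Preferences"):
        f = profile / name
        if f.is_file():
            ext = json.loads(f.read_text(encoding="utf-8")).get("extensions", {})
            merged["settings"].update(ext.get("settings", {}))
            merged["ui"].update(ext.get("ui", {}))
    return merged

def audit_profile(profile: Path) -> list[dict]:
    """List side-loaded extensions and whether each registers a DevTools page."""
    ext = load_prefs(profile)
    findings = []
    for ext_id, info in sorted(ext["settings"].items()):
        kind = SIDELOADED.get(info.get("location"))
        if kind is None:
            continue                      # store-installed or policy-managed
        try:                              # unpacked extensions keep their manifest on disk
            manifest = json.loads((Path(info["path"]) / "manifest.json").read_text(encoding="utf-8"))
        except (OSError, ValueError, KeyError, TypeError):
            manifest = {}                 # folder missing or manifest unreadable
        findings.append({"id": ext_id, "kind": kind, "name": manifest.get("name"),
                         "devtools_page": manifest.get("devtools_page"),
                         "developer_mode": bool(ext["ui"].get("developer_mode"))})
    return findings

def build_sample_profile(root: Path) -> Path:
    """Constructed sample data: one store extension and one unpacked extension."""
    ext_dir = root / "sample_ext"; ext_dir.mkdir()
    (ext_dir / "manifest.json").write_text(json.dumps(
        {"name": "Sample Helper", "manifest_version": 2, "devtools_page": "dev.html"}))
    profile = root / "Default"; profile.mkdir()
    (profile / "Preferences").write_text(json.dumps(
        {"extensions": {"ui": {"developer_mode": True}}}))
    (profile / "Secure Preferences").write_text(json.dumps({"extensions": {"settings": {
        "a" * 32: {"location": 1, "path": "a" * 32 + "/1.0_0"},
        "b" * 32: {"location": 4, "path": str(ext_dir)}}}}))
    return profile

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for finding in audit_profile(build_sample_profile(Path(tmp))):
            print(finding)
```

A side-loaded extension on a machine whose user never enabled developer mode, especially one that declares a DevTools page, is worth a closer look.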
The investigations point to a group of North Korean hackers known as APT37, but there is also evidence that blames hackers aligned with Russia for the attack, because of the infrastructure used in the intrusion. These are attackers known as APT28, Fancy Bear or Sofacy.