Warning of a ‘hack’ in Chrome extensions to steal your Gmail mails

The German Federal Office for the Protection of the Constitution (BfV) and the National Intelligence Service of the Republic of South Korea (NIS) have jointly warned about activity by Kimsuky, a group of North Korean cyber criminals who use targeted phishing for cyber espionage. Their targets are diplomats, journalists, government agencies, university professors and politicians from South Korea, the United States and Europe.

As confirmed by experts, the attackers exploited an infected extension called ‘AF’ in Google Chrome, Microsoft Edge, Brave or other browsers to access Gmail accounts. The scammers made sure that their victims downloaded it by sending an email in which they were told to do so.
As soon as those affected installed it, it was enough to visit Gmail from the same browser for Kimsuky’s people to be able to steal the platform’s content. The extension is able to get at the email because it abuses the browser’s developer tools API and sends the stolen data to the attackers’ server.
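For defenders, the behaviour described above suggests a simple audit of installed extensions. The following Python sketch is an added example, not code from the BfV/NIS warning: it assumes the "developer tools API" corresponds to Chrome's `debugger` permission or a `devtools_page` manifest entry, and that extensions are unpacked as `<extension id>/<version>/manifest.json` under the profile's extensions folder. The sample manifests are constructed.

```python
import json
from pathlib import Path

def covers_gmail(pattern: str) -> bool:
    """True if a match pattern includes Gmail (directly or via a wildcard host)."""
    return pattern == "<all_urls>" or "://*/" in pattern or "google.com" in pattern

def audit_manifest(manifest: dict) -> list[str]:
    """Return the reasons a manifest deserves manual review (empty = none)."""
    perms = [p for p in manifest.get("permissions", []) if isinstance(p, str)]
    # Manifest V2 mixes host patterns into "permissions"; V3 uses "host_permissions".
    hosts = perms + list(manifest.get("host_permissions", []))
    for script in manifest.get("content_scripts", []):
        hosts += script.get("matches", [])
    reasons = []
    if "debugger" in perms:
        reasons.append("requests the 'debugger' permission")
    if "devtools_page" in manifest:
        reasons.append("declares a devtools_page")
    if reasons and any(covers_gmail(h) for h in hosts):
        reasons.append("has host access that includes Gmail")
    return reasons

def scan_extensions(ext_root: Path) -> dict[str, list[str]]:
    """Audit every <ext_root>/<extension id>/<version>/manifest.json."""
    findings = {}
    for path in sorted(ext_root.glob("*/*/manifest.json")):
        ext_id = path.parent.parent.name
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
            reasons = audit_manifest(manifest)
        except (OSError, ValueError, AttributeError):
            reasons = ["manifest unreadable or malformed"]
        if reasons:
            findings.setdefault(ext_id, []).extend(reasons)
    return findings

# Constructed sample manifests (not taken from any real extension).
SAMPLE_SUSPECT = {"manifest_version": 3, "name": "sample-a",
                  "permissions": ["debugger", "tabs"],
                  "host_permissions": ["https://mail.google.com/*"]}
SAMPLE_BENIGN = {"manifest_version": 3, "name": "sample-b",
                 "permissions": ["storage"],
                 "host_permissions": ["https://example.org/*"]}

if __name__ == "__main__":
    print(audit_manifest(SAMPLE_SUSPECT))
    print(audit_manifest(SAMPLE_BENIGN))
```

A hit is only a prompt for manual review, since legitimate developer tools request the same access.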

It is known that, in October 2022, the same group of cybercriminals was able to do the same from cell phones. These attacks, detected last year, resorted to Android apps infected with malware called ‘FastViewer’, ‘Fastfire’ or ‘Fastspy DEX’. In December, such problems were resolved, but it seems that it has taken Kimsuky only three months to make a comeback.