Security Researchers Raise The Alarm Over New eMail Malware That Bypasses All Protections

No matter how many security checks you have in place for your Gmail, there is never too much protection. This is why experts routinely remind users to strengthen their login credentials before it is too late.

But what if we told you that there’s a new malware on the loose that manages to evade all the security protections in place and still read your mail?

Yes, a new and alarming report by security researchers is warning users about malware that manages to do just that. The report comes from professionals at Volexity, who say the ongoing threat is a major one.

The malware is the work of a group called SharpTongue, which hails from North Korea, and there are reports linking it to the Kimsuky group, which has previously been flagged as harmful.

The latter was described as so dangerous because it did not require any user login credentials to gain access. Instead, it put malware to work that simply enters your mailbox and starts reading.

As the victim opens their inbox and browses their mail, the malware follows along and continually extracts data without anyone noticing.

The threat is still evolving: Volexity reports that the malware has already reached version 3.0, and notes that it reads mail from both AOL and Gmail inboxes.

Security researchers have pointed out that the malware works against three browsers: Chrome, Firefox, and Microsoft's Edge. It has also been reported to affect Whale, the leading South Korean browser.

Leading US security analysts have reported on Kimsuky's existence since 2012. CISA attributes the group to North Korea and describes its ongoing mission as gathering global intelligence through covert means such as these.

In the past, Kimsuky's usual targets were users in neighboring South Korea, along with organizations in the US and Japan. Now Volexity has ample evidence that the SharpTongue group has been snooping on the Gmail accounts of users in Europe, the US, and South Korea.

The common thread in the targeting is people working on any topic involving North Korea, weapons, or nuclear matters. Anyone dealing with issues that North Korea considers strategically relevant may likewise be at risk.

So what is the big deal about this new malware, and how does it differ from others observed in the past?

Well, this malware does not require any form of browser extension to carry out its dangerous behavior. It simply bypasses user credentials and extracts data while victims carry on reading their email.

There is one small glimmer of hope that experts highlight: the malware needs your system to already be compromised before it can gain entry. That initial compromise could come through phishing, other malware, and similar means.

From there, the threat actors simply download an extension that runs silently in the background on the user's machine, and remarkably, it goes undetected.

Google cannot see what is going on, so it sends none of the alerts normally triggered when you open your mail from another device or browser. Once past these checks, the malware carries on its business silently.

So, what is the solution? Volexity advises using PowerShell's logging with its script-blocking feature. Since PowerShell is what sets up and installs the malware, this safeguards many users from its actions.
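The following is an added example, not code from the article or from Volexity, showing one way to enable the PowerShell logging the advice above refers to and then review what it records. It assumes the logging meant is PowerShell's built-in script block and module logging, configured through the policy registry keys that Group Policy writes, and the keyword filter at the end is an assumed triage starting point rather than any indicator from the report.

```powershell
# Added example (not from the article or Volexity): turn on PowerShell script
# block and module logging via the policy registry keys Group Policy sets,
# confirm the setting, then review what has been logged.
# Requires an elevated PowerShell session on Windows.

$policyRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell'
$sblKey     = Join-Path $policyRoot 'ScriptBlockLogging'
$modKey     = Join-Path $policyRoot 'ModuleLogging'

# Script block logging: the text of every script block PowerShell executes is
# written to Microsoft-Windows-PowerShell/Operational as event ID 4104, after
# any run-time de-obfuscation, so an installer script cannot hide by encoding.
New-Item -Path $sblKey -Force | Out-Null
Set-ItemProperty -Path $sblKey -Name 'EnableScriptBlockLogging' -Value 1 -Type DWord

# Module logging (event ID 4103) records pipeline activity for all modules.
New-Item -Path (Join-Path $modKey 'ModuleNames') -Force | Out-Null
Set-ItemProperty -Path $modKey -Name 'EnableModuleLogging' -Value 1 -Type DWord
Set-ItemProperty -Path (Join-Path $modKey 'ModuleNames') -Name '*' -Value '*' -Type String

# Confirm the policy value is in place.
(Get-ItemProperty -Path $sblKey).EnableScriptBlockLogging

# Triage: pull the last day's 4104 events and surface script blocks that mention
# the browsers named in the article or the word "extension". The keyword list is
# an assumed starting filter, not indicators taken from the report.
$keywords = 'extension', 'Chrome', 'Edge', 'Firefox', 'Whale'
$filter = @{
    LogName   = 'Microsoft-Windows-PowerShell/Operational'
    Id        = 4104
    StartTime = (Get-Date).AddDays(-1)
}
Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Where-Object {
        # Properties[2] of a 4104 event holds the ScriptBlockText field.
        $text = $_.Properties[2].Value
        ($keywords | Where-Object { $text -match $_ }).Count -gt 0
    } |
    Select-Object TimeCreated,
        @{ Name = 'ScriptBlockText'; Expression = { $_.Properties[2].Value } } |
    Format-List
```

Forward the 4104 and 4103 events to a central log collector as well, since a local-only log can be cleared by the same script that installed the extension.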
Illustration: macrovector