Experts Raise The Alarm Against Malicious Google Chrome Extensions That Enable Hackers To Steal Gmail Messages

A new and malicious browser extension is up for grabs and it’s causing mayhem online.

Security experts are raising alarm bells against certain Google Chrome Extensions that lead to hackers entering Gmail accounts and stealing the content present inside.

The news comes to us thanks to a few security agencies including Germany’s Federal Office and Korea’s National Intelligence Service. Both of them released a joint statement that came in the form of a recent warning regarding the malware campaign and how users need to be more vigilant now than before if they wish to stay safe.

The campaign appears to target high-profile individuals including employees in the government, professors at universities, media journalists, diplomats, and politicians among others.

These are delivered through the process of phishing and some of the main ones highlighted included AF. The latter is the name given to an add-on by Google Chrome and it is distributed by threat actors called Kimsuky who hails from North Korea. His goal is to attack high-profile users located across cyber espionage programs.

The initial target appeared to be those hailing from South Kore, but it seems like it has undergone expansion to other regions including the US and Europe. Moreover, AF can be seen getting delivered to various victims through acts of phishing.

And you’ll see the group send urgent emails, explaining to victims how to download such add-ons at the endpoint. When and if it’s installed, this type of malware does not pop up on add-on lists across Google Chrome but it’s visible on the extension list.

Furthermore, after it gets downloaded, it takes just a single visit to enter Gmail and force the add-on to run and then carry out the extraction of activities.

So far, from the sort of data that we have, the ordeal looks like it's state-sponsored and related to cyber espionage while carrying out the gathering of intelligence. But more shocking reports are speaking about how it’s not something new and has been in the business of causing turmoil for the past 10 years.

In the year 2015, the threat actor was allegedly reported for stealing a lot of sensitive details belonging to South Korea and even targeting high-profile retired diplomats including officials hailing from the state government and military.


Read next: This New Malware Has Increased by 239% Since 2020
Previous Post Next Post