Gmail accounts are under attack from a malicious browser extension that is spread via phishing emails and targets Google Chrome, Microsoft Edge, and other Chromium-based browsers.
Once installed in your browser, this malicious extension is capable of stealing the contents of your Gmail messages and even infecting Android phones with malware, but more on that later.
The campaign itself was monitored by Germany’s Federal Office for the Protection of the Constitution and South Korea’s National Intelligence Service, both of which issued a joint statement warning others about it.
The cybercriminals behind the campaign hail from North Korea, and the threat group Kimsuky (also known as Thallium or Velvet Chollima) has a history of using spear phishing for cyber espionage in attacks targeting diplomats, journalists, government agencies, politicians and university professors. However, while the campaign started in South Korea, it has now expanded to both the United States and Europe.
Even if you don’t have a high-profile job, you may end up accidentally installing this malicious extension and putting your Gmail account at risk, which is why we all need to remain vigilant online.
It is spread through phishing emails
The attack begins with a phishing email urging potential victims to install the Chrome extension, although it can also be installed in Microsoft Edge, Brave, and other Chromium-based browsers if the user takes the bait.
The extension is called “AF” and, unlike regular extensions, it cannot be found in Chrome’s More Tools section under Extensions. Instead, you need to manually type “chrome://extensions” (or “edge://extensions” or “brave://extensions”) into your browser’s address bar to find it.
Once installed, it automatically activates and starts intercepting and stealing the contents of emails from your Gmail account. This is done by abusing the DevTools API in your browser and using it to send all this stolen data back to a server controlled by the hackers.
First your Gmail, then your smartphone
If having your Gmail messages read by hackers wasn’t bad enough, the Kimsuky hacker group also has its own Android malware, known as FastViewer, Fastfire or Fastspy DEX.
Once your Gmail account is in the hands of these hackers, they then use Google Play’s web-to-phone sync feature, which installs apps from your computer onto your smartphone, to infect victims’ phones with malware.
The FastViewer malware is a remote access trojan (RAT) that allows hackers to drop, create, delete, or steal files as well as retrieve your contacts, make calls, send text messages, turn on your camera, log keystrokes, and more. Suffice it to say that this malware is very dangerous and can be used for extortion or even to steal your identity.
How to stay safe from malicious extensions
With this malicious extension in particular, it’s a good idea to enter “chrome://extensions”, “edge://extensions”, or “brave://extensions”, depending on your browser, to see if it is installed. If it is, you should delete it immediately and consider using antivirus software to perform a scan of your system just to be safe.
Similarly, you should also install one of the best antivirus apps for Android and enable Google Play Protect on your smartphone to protect yourself from FastViewer malware. Even if you haven’t, an Android antivirus app is definitely worth having on your smartphone now that mobile malware is so prevalent.
As for avoiding malicious extensions in the first place, never install any extension or other program that is sent to you in an email. You also want to avoid opening emails from unknown senders as well as downloading any attachments they may contain.
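The extensions-page check described above can also be done on disk. The following is an added example, not code from the original article or from either agency: it walks a folder of unpacked extensions and flags any `manifest.json` whose name is “AF” or that declares DevTools or debugger access. The folder layout and the use of `devtools_page` and the `debugger` permission as indicators are assumptions, and legitimate developer extensions declare them too.

```python
import json
from pathlib import Path

SUSPECT_NAME = "AF"  # extension name reported in the article

def audit_manifest(manifest):
    """Return the reasons a parsed manifest.json deserves a closer look."""
    reasons = []
    if str(manifest.get("name", "")).strip() == SUSPECT_NAME:
        reasons.append("name is 'AF'")
    # Assumption: these manifest entries are the usual ways an extension
    # gains DevTools/debugger access; legitimate dev tools declare them too.
    if "devtools_page" in manifest:
        reasons.append("declares devtools_page")
    perms = []
    for key in ("permissions", "optional_permissions"):
        value = manifest.get(key, [])
        if isinstance(value, list):
            perms.extend(p for p in value if isinstance(p, str))
    if "debugger" in perms:
        reasons.append("requests debugger permission")
    return reasons

def audit_tree(root):
    """Map each flagged manifest.json under root to its list of reasons."""
    findings = {}
    for path in sorted(Path(root).rglob("manifest.json")):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            findings[str(path)] = ["manifest could not be parsed"]
            continue
        reasons = audit_manifest(manifest) if isinstance(manifest, dict) else []
        if reasons:
            findings[str(path)] = reasons
    return findings

if __name__ == "__main__":
    import sys, tempfile
    if len(sys.argv) > 1:
        root = sys.argv[1]  # folder of unpacked extensions to audit
    else:
        # Constructed sample manifest so the script runs without arguments.
        root = tempfile.mkdtemp()
        sample = {"manifest_version": 3, "name": "AF", "permissions": ["debugger"]}
        (Path(root) / "manifest.json").write_text(json.dumps(sample))
    for manifest_path, why in audit_tree(root).items():
        print(f"{manifest_path}: {', '.join(why)}")
```

A hit is a prompt to inspect the extension by hand, not proof that it is the one from this campaign.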
The Kimsuky hacker group has a long history of launching a variety of attacks on unsuspecting users, which means we will likely see their work again.