Jump to content
  • Hackers are stealing Gmail messages — delete this extension right now

    alf9872000

    • 649 views
    • 4 minutes
     Share


    • 649 views
    • 4 minutes

    This malicious browser extension gives hackers full access to your Gmail account

     

    Gmail accounts are under attack from a malicious browser extension spread via phishing emails that targets Google Chrome, Microsoft Edge and other Chromium-based browsers.

     

    Once installed in your browser, this malicious extension is able to steal the contents of your Gmail messages and even infect the best Android phones with malware but more on that later.

     

    As reported by BleepingComputer(opens in new tab), the campaign itself was spotted by the German Federal Office for the Protection of the Constitution and South Korea’s National Intelligence Service which both issued a joint statement warning others about it.

     

    The cybercriminals behind the campaign hail from North Korea and the Kimsuky (aka Thallium, Velvet Chollima) threat group has a history of using spear phishing for cyber-espionage in attacks targeting diplomats, journalists, government agencies, politicians and university professors. However, while the campaign started in South Korea, it has now expanded to both the U.S. and Europe.

     

    Even if you don’t have a high-profile job, you could end up accidentally installing this malicious extension and having your Gmail account compromised which is why we all need to remain vigilant online.

    Spread via phishing emails

    Uh9ynVsv65yesgowVZcNhX-970-80.jpg

     (Image credit: Shutterstock)

     

    The attack starts with a phishing email urging potential victims to install a Chrome extension, though it could also be installed in Microsoft Edge, Brave and other Chromium-based browsers if a user takes the bait.

     

    The extension is named ‘AF’ and unlike normal extensions, it can’t be found in Chrome’s More tools section under extensions. Instead, you need to manually type “chrome(or edge/brave)://extensions” into your browser’s address bar to find it.

     

    Once installed though, it automatically activates and begins intercepting/stealing the contents of emails from your Gmail account. This is done by abusing the Devtools API in your browser and using it to send all of this stolen data back to a server controlled by the hackers.

    First your Gmail, then your smartphone

    8yBChs3UGbN3eVsvABSkW-970-80.jpg

     (Image credit: Shutterstock)

     

    If having your Gmail messages read by hackers wasn’t bad enough, the Kimsuky hacker group also has its own Android malware known as FastViewer, Fastfire or Fastspy DEX.

     

    Once your Gmail account is in the hands of these hackers, they then use Google Play’s web-to-phone synchronisation feature for installing apps from your computer onto your smartphone to infect victims’ phones with the malware.

     

    The FastViewer malware is a remote access trojan (RAT) that allows the hackers to drop, create, delete or steal files as well as retrieve your contacts, make calls, send text messages, turn on your camera, log your keystrokes and more. Suffice it to say, this malware is incredibly dangerous and could be used for blackmail or even to steal your identity.

    How to stay safe from malicious extensions

    With this malicious extension in particular, it’s a good idea to enter either “chrome:extensions”, “edge:extensions” or “brave:extensions” depending on your browser to see if you have it installed. If you do, you should delete it immediately and consider using the best antivirus software to run a scan of your system just to be safe.

     

    Likewise, you also should install one of the best Android antivirus apps and enable Google Play Protect on your smartphone to protect yourself from the FastViewer malware. Even if you haven’t, an Android antivirus app is certainly worth having on your smartphone now that mobile malware has become so prevalent.

    As for avoiding malicious extensions in the first place, don’t ever install any extension or other software sent to you in an email. You also want to avoid opening emails from unknown senders as well as downloading any attachments they may contain.

     

    The Kimsuky hacker group has a long history of launching a variety of attacks on unsuspecting users which means we’ll likely see their work again.

     

    Source


    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...