Google Chrome Extension Used To Steal Emails

A North Korean-backed threat group tracked as Kimsuky is using a malicious browser extension to steal emails from Google Chrome or Microsoft Edge users reading their webmail. 

The extension, named SHARPEXT by Volexity researchers who spotted this campaign in September, supports three Chromium-based web browsers (Chrome, Edge, and Whale) and can steal mail from Gmail and AOL accounts.

The attackers install the malicious extension after compromising a target's system: a custom VBS script replaces the browser's 'Preferences' and 'Secure Preferences' files with versions downloaded from the malware's command-and-control server.

Once the new preferences files are downloaded to the infected device, the web browser automatically loads the SHARPEXT extension. "The malware directly inspects and exfiltrates data from a victim's webmail account as they browse it," the threat intelligence firm Volexity has disclosed. "Since its discovery, the extension has evolved and is currently at version 3.0, based on the internal versioning system."
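Because the technique described above works by rewriting the profile's preferences files rather than installing through the Web Store, a defender can audit those files for extensions that were not installed from the store. The following is an added example, not code from the article or from Volexity; it parses the `extensions.settings` section of a Chromium `Secure Preferences`/`Preferences` file and flags entries that look sideloaded (not marked `from_webstore`, a non-store `location`, an absolute on-disk `path`, or a missing Web Store `update_url`). The sample preferences JSON, extension IDs and paths are constructed for illustration.

```python
import json
import re

# Chromium ManifestLocation values: 1 = INTERNAL (Web Store / CRX install),
# 5 = COMPONENT (bundled with the browser). Anything else merits a look.
TRUSTED_LOCATIONS = {1, 5}
WEBSTORE_UPDATE_URL = "https://clients2.google.com/service/update2/crx"


def _is_absolute_path(path: str) -> bool:
    """True for Windows (C:\\..., \\\\server\\...) or POSIX (/...) absolute paths."""
    return bool(re.match(r"^(?:[A-Za-z]:[\\/]|[\\/])", path))


def audit_extensions(prefs_json: str) -> list[dict]:
    """Return one finding per extension in extensions.settings that looks sideloaded."""
    settings = json.loads(prefs_json).get("extensions", {}).get("settings", {})
    findings = []
    for ext_id, entry in settings.items():
        reasons = []
        manifest = entry.get("manifest", {})
        if not entry.get("from_webstore", False):
            reasons.append("not marked from_webstore")
        if entry.get("location") not in TRUSTED_LOCATIONS:
            reasons.append(f"location={entry.get('location')} is not Web Store/component")
        path = entry.get("path", "")
        if _is_absolute_path(path):  # store installs use a path relative to the profile
            reasons.append(f"absolute path outside the profile: {path}")
        if manifest.get("update_url") != WEBSTORE_UPDATE_URL:
            reasons.append("update_url is not the Chrome Web Store")
        if reasons:
            findings.append({"id": ext_id, "name": manifest.get("name", "?"),
                             "permissions": manifest.get("permissions", []),
                             "reasons": reasons})
    return findings


# Constructed sample: one ordinary store install and one entry modelled on a
# preferences-file sideload. IDs, names and paths are invented.
SAMPLE_SECURE_PREFERENCES = json.dumps({"extensions": {"settings": {
    "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa": {
        "from_webstore": True, "location": 1, "state": 1,
        "path": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\\1.2.3_0",
        "manifest": {"name": "Example Store Extension",
                     "update_url": WEBSTORE_UPDATE_URL, "permissions": ["storage"]}},
    "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb": {
        "from_webstore": False, "location": 4, "state": 1,
        "path": "C:\\Users\\victim\\AppData\\Roaming\\constructed_dir",
        "manifest": {"name": "Sideloaded Extension",
                     "permissions": ["webRequest", "tabs", "https://mail.google.com/*"]}},
}}})

if __name__ == "__main__":
    for finding in audit_extensions(SAMPLE_SECURE_PREFERENCES):
        print(finding["id"], finding["name"], finding["reasons"], finding["permissions"])
```

Run it against a real profile by reading `Secure Preferences` from the user-data directory; the host permissions listed for a flagged entry show which webmail origins it could read.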

According to Volexity, this campaign aligns with previous Kimsuky activity: SHARPEXT is deployed "in targeted attacks on foreign policy, nuclear and other individuals of strategic interest" in the United States, Europe, and South Korea.

Very Effective Attacks

Because the hackers read mail through the target's already logged-in session, their activity is unseen by the victim's email provider, making detection particularly challenging, if not impossible. The North Korean threat actors can use SHARPEXT to collect a wide range of information, and its commands keep a list of emails already collected from the victim so that duplicates are not uploaded. This list is continuously updated as SHARPEXT runs.

This is not the first time the North Korean group has used browser extensions to harvest and exfiltrate confidential data from targets' breached systems. In 2018, researchers at NetScout identified a spear-phishing campaign orchestrated by Kimsuky that pushed a malicious Chrome extension in attacks targeting a large number of academic institutions.

The Cybersecurity & Infrastructure Security Agency (CISA) has issued an Alert focused on the group's tactics, techniques, and procedures (TTPs), highlighting the group's use of malicious browser extensions to steal credentials and cookies from victims' web browsers. "This advisory describes the tactics, techniques, and procedures (TTPs) used by North Korean advanced persistent threat (APT) group Kimsuky, against worldwide targets, to gain intelligence on various topics of interest to the North Korean government," says the CISA Alert.
