Gmail users are being warned that a hacking campaign could have led to their emails being spied on for an entire year. Security experts have discovered a nefarious piece of malware dubbed SHARPEXT which is thought to have come from a hacking group in North Korea called SharpTongue. The malware targets Gmail accounts and has been active for over a year, stealing thousands of messages in the process from unsuspecting accounts.
As with many other malware scams, the threat begins with victims being sent a message that tricks them into clicking on and downloading an attached document.
If a Gmail user downloads the dangerous file, it will secretly install an extension in their browser.
The extension targets Google Chrome – the world’s most popular browser – as well as Microsoft’s Chromium-powered Edge browser and Naver Whale, which is available in Korea.
The scam has already targeted users in the US, Europe and Korea.
Once this extension – which isn’t available on the Chrome Web Store – has been downloaded and installed on a browser it is capable of reading emails and stealing data from Gmail accounts.
It is also capable of hiding any pop-up notifications that alert a user to the unverified extension running on their device.
This threat was highlighted by researchers at cybersecurity firm Volexity who published a blog post on it.
Speaking about the threat Volexity said: “By stealing email data in the context of a user’s already-logged-in session, the attack is hidden from the email provider, making detection very challenging. Similarly, the way in which the extension works means suspicious activity would not be logged in a user’s email ‘account activity’ status page, were they to review it.”
Thankfully though, there are a few things you can do right now to keep yourself safe from this Gmail and Chrome threat.
Firstly, Volexity has provided links to some GitHub assets which can be used to check if your machine has been infected.
Otherwise, you can head to the extensions page of your Chrome or Edge browser and double-check whether any extensions have been installed without your knowledge.
If you see any suspicious-looking extensions that you don’t recognise, make sure you delete them immediately.
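The manual check above can also be scripted. The following is an added example, not code from this article or from Volexity: it reads the extension records a Chromium-based browser keeps in its profile and lists every extension that did not come from the store. It assumes those records sit under `extensions.settings` in the profile's `Preferences` or `Secure Preferences` JSON file with `location`, `from_webstore` and `path` fields, and the location codes in the comments are likewise assumptions to confirm against your browser version; the sample data is constructed.

```python
import json

# Assumed Chromium "location" codes: 1 = store/internal install, 4 = unpacked
# (loaded from a local folder), 5 and 10 = components built into the browser.
BUILT_IN = {5, 10}
LOCATION_NAMES = {1: "internal", 4: "unpacked", 8: "command line"}

def audit_extensions(prefs_text):
    """Return findings for extensions that were not installed from the store."""
    settings = json.loads(prefs_text).get("extensions", {}).get("settings", {})
    findings = []
    for ext_id, entry in sorted(settings.items()):
        if not isinstance(entry, dict):
            continue  # skip malformed records instead of crashing
        location = entry.get("location")
        if location in BUILT_IN:
            continue  # shipped with the browser itself
        if location == 1 and entry.get("from_webstore") is True:
            continue  # ordinary store install
        findings.append({
            "id": ext_id,
            # Unpacked extensions may have no manifest cached in the file.
            "name": entry.get("manifest", {}).get("name", "(no cached manifest)"),
            "location": LOCATION_NAMES.get(location, f"code {location}"),
            "path": entry.get("path", ""),
        })
    return findings

# Constructed sample data: IDs, names and paths are made up for illustration.
SAMPLE_PREFS = json.dumps({"extensions": {"settings": {
    "a" * 32: {"location": 1, "from_webstore": True, "path": "a" * 32 + "/1.0_0",
               "manifest": {"name": "Store extension"}},
    "b" * 32: {"location": 5, "from_webstore": False,
               "manifest": {"name": "Built-in component"}},
    "c" * 32: {"location": 4, "from_webstore": False,
               "path": "/home/user/AppData/ext"},
}}})

if __name__ == "__main__":
    for f in audit_extensions(SAMPLE_PREFS):
        print(f"REVIEW {f['id']} {f['name']} [{f['location']}] {f['path']}")
```

Anything the script lists is only a candidate for review: extensions a user or administrator loaded deliberately will appear too, so compare each entry against what you expect to be installed.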