SHARPEXT malware can access Gmail by bypassing all security measures


Louise Jean

August 03, 2022 at 10:05 a.m.


Hacker © Mikhail Nilov / Pexels


A new malware developed by the North Korean group SharpTongue attacks your Gmail account and accesses all your emails. The worst part is that it doesn’t even need your credentials.

SharpTongue, which Volexity has been observing since September 2021, has been rapidly and frequently deploying new malware. The latest has been named “SHARPEXT”.

Malware that bypasses any security barrier

Unlike its predecessors, the SHARPEXT malware does not steal your usernames and passwords. It waits patiently until you are logged into your Gmail account to inspect and exfiltrate data from your account directly. Thus, the malware can bypass all your security barriers, including two-factor authentication.

Fortunately, the attacker must first succeed in compromising your device before infiltrating your Gmail account. But once they gain control (by exploiting a vulnerability), the attacker installs an extension in the infected device’s browser, and the malware deploys from there. The latest version of SHARPEXT (3.0) can operate in Chrome, Edge and Whale (a South Korean browser). Once installed, the extension is very difficult to detect, as it runs quietly in the background, so the victim is unlikely to notice the threat.
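Because the extension works inside a session that is already logged in, one practical check is to list which installed extensions are allowed to touch Gmail at all. The script below is an added example, not code from Volexity or from the malware: it walks a directory of extension folders, reads each manifest.json and reports the match patterns that cover https://mail.google.com/. The function names and the sample manifests are constructed for illustration, and it assumes the extensions sit under the directory you pass in.

```python
import json, sys, tempfile
from pathlib import Path
GMAIL_HOST = "mail.google.com"

def pattern_covers_gmail(pattern):
    """True if a Chrome match pattern grants access to https://mail.google.com/."""
    if pattern == "<all_urls>":
        return True
    scheme, sep, rest = pattern.partition("://")
    if not sep or scheme not in ("*", "https"):
        return False  # API names such as "tabs", or schemes Gmail does not use
    host = rest.split("/", 1)[0]
    if host.startswith("*."):  # "*.google.com" covers google.com and its subdomains
        return ("." + GMAIL_HOST).endswith(host[1:])
    return host in ("*", GMAIL_HOST)

def gmail_patterns(manifest):
    pats = list(manifest.get("host_permissions", []))  # Manifest V3 host access
    pats += manifest.get("permissions", [])  # Manifest V2 mixes hosts with API names
    for script in manifest.get("content_scripts", []):
        pats += script.get("matches", [])
    return sorted({p for p in pats if isinstance(p, str) and pattern_covers_gmail(p)})

def audit_extensions(root):  # extension directory -> patterns that reach Gmail
    findings = {}
    for mf in Path(root).rglob("manifest.json"):
        try:
            hits = gmail_patterns(json.loads(mf.read_text(encoding="utf-8-sig")))
        except (OSError, ValueError, AttributeError, TypeError):
            continue  # unreadable or malformed manifest
        if hits:
            findings[str(mf.parent)] = hits
    return findings

# Constructed sample manifests, not taken from any real extension.
SAMPLES = {
    "aaaa/1.0": {"manifest_version": 3, "name": "notes", "permissions": ["storage"]},
    "bbbb/3.0": {"manifest_version": 3, "name": "helper", "permissions": ["tabs"],
                 "host_permissions": ["https://mail.google.com/*"]},
    "cccc/2.1": {"manifest_version": 2, "name": "toolbar", "permissions": ["<all_urls>"]},
}
def write_samples(root):
    for rel, manifest in SAMPLES.items():
        Path(root, rel).mkdir(parents=True)
        Path(root, rel, "manifest.json").write_text(json.dumps(manifest))
    return root

if __name__ == "__main__":  # argv[1]: a real extensions directory; else the samples
    root = sys.argv[1] if len(sys.argv) > 1 else write_samples(tempfile.mkdtemp())
    print(json.dumps(audit_extensions(root), indent=2))
```

A hit only means the extension can read Gmail pages, which many legitimate extensions also request, so treat the output as a list to review against what the user knowingly installed. An extension loaded from a folder outside the scanned directory will not appear in it.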

Who is targeted by SHARPEXT malware?

The SharpTongue group is said to be linked in part to Kimsuky, a cybercriminal group that has been active from North Korea since 2012. Kimsuky’s hackers are funded by the country’s authoritarian regime to carry out espionage missions for the benefit of the government. Their attacks typically target individuals and organizations located in Japan and South Korea, as well as the United States, in an effort to monitor foreign policy and destabilize opponents.

Members of SharpTongue, on the other hand, prey on individuals in Europe and South Korea, especially those who are interested in North Korea and its nuclear weapons. The vast majority of the population is therefore little affected by this threat, but the existence of this type of malware remains very worrying.

Source: Volexity


