For over a year, North Korean hackers have been spying on emails around the world using a rather clever method: a malicious browser extension.
Volexity researchers have discovered a new North Korean malware used to spy on the contents of Gmail mailboxes. It is called Sharpext and is installed by the victim as an extension for Chrome and Edge.
Cyber security experts have pointed out that this is a rather clever trick: technically, the North Korean hackers do not directly compromise the Gmail account, but only read the emails and attachments using a third-party tool, namely a browser extension. This way Gmail can’t identify the threat, and the hackers completely bypass security measures such as two-factor authentication.
According to the researchers, hackers have been successfully using this ploy for over a year. Until now, no one had noticed.
This scheme, designed to spy on hundreds of thousands of emails every day, is the work of the SharpTongue team, a group of hackers formally connected to Kim Jong-Un’s dictatorship. No surprise: North Korea has always financed itself through crime, and its legions of state hackers have been one of the most formidable cyber threats in the world for several years now.
According to the Volexity researchers, the malware designed by the North Koreans currently works exclusively on Windows. There is no news of a Linux or macOS version.
Sharpext has been used successfully to attack several US, European and South Korean organizations.