North Korean Hackers Try a New Tactic - Use Malicious Browser Extensions to Spy on Email Accounts

North Korean Hackers Try a New Tactic – Use Malicious Browser Extensions to Spy on Email Accounts

It was reported by a cybersecurity firm called Volexity that the malware was attributed to SharpTongue, an activity cluster. This cluster is said to overlap with an adversarial collective that the public refers to as Kimusky. 

SharpTongue is notorious for singling out individuals in organizations in the US, Europe, and South Korea that work on matters relating to North Korea, weapons systems, and nuclear issues. In short, these are matters of strategic interest to North Korea, according to researchers Paul Rascagneres and Thomas Lancaster. 

Furthermore, Kimsuky using rogue extensions in attacks is not a new tactic. In 2018, the actor was seen using a Chrome plugin as a part of Stolen Pencil, and this campaign aimed to infect victims and steal their browser cookies and passwords.

However, their later espionage effort is different as it uses Sharpect, a different extension, to plunder email data. The researchers have noted that this malware inspects and exfilters data directly from a victim’s webmail account when they are browsing through it. 

The browsers that have been targeted include Microsoft Edge, Naver’s Whale browsers, and Google Chrome. From these browsers, the mail-theft malware harvests information specifically from Gmail and AOL sessions.

These add-ons are added by replacing the browser’s Preferences and Secure Preferences files. In place of those, the files received from remote servers are added. This replacement takes place only after there has been a successful breach of a targeted Windows system.

After the replacement has been completed, the DevTools panel is enabled within the active tabs. This tool steals emails and attachments sent to the user’s mailbox. It also takes additional steps to hide any warning messages that may inform the victim about the running developer mode extensions. 

Read also:

Abdul Wahab is a Software Engineer by profession and a Tech geek by nature. Having been associated with the tech industry for the last five years, he has covered a wide range of Tech topics and produced well-researched and engaging content. You will mostly find him reviewing tech products and writing blog posts. Binge-watching tech reviews and endlessly reading tech blogs are his favorite hobbies.