Daily News for Every Age

North Korean APT uses browser extension to steal content from victims’ webmail accounts

By Yamini Sharma On Jul 29, 2022

Kimsuky, a North Korean APT actor, has been observed using a browser extension to steal content from victims’ webmail accounts.

The extension, which has been active since at least 2012, allows data theft from both Gmail and AOL webmail.

It has been used in targeted attacks on individuals in the foreign policy and nuclear sectors, among others.

SharpTongue has been deploying Sharpext against targets for well over a year, according to Volexity.

A dedicated folder containing the extension’s required files is created for the infected user.

The attackers can also dynamically update the extension’s code without having to reinstall it on the infected machine.

Yamini Sharma

I am from Lucknow, Uttar Pradesh, currently pursuing graduation from the University of Delhi. I have an interest in reading books and articles. My favourite genre includes health, art and design.

IPFS peer-to-peer file storage network is being used in an increase of phishing attacks

LockBit operator exploits Windows Defender in order to load Cobalt Strike