New Chrome malware spies on your Gmail — what to do now

Gmail users on Google Chrome or Microsoft Edge should be aware of new email reading malware recently identified by Volexity (opens in new tab)which is called the SHARPEXT.

SHARPEXT is said to come from a hacking group called SharpTongue (or Kimsuky as it’s called by other security companies), which is backed by North Korea. It has been in business for over a year and has stolen thousands of messages and files from Gmail and AOL email accounts. Currently, SHARPEXT has only been observed in use on Windows devices, although Volexity says it’s possible the malware could also run on macOS and Linux systems.

How SHARPEXT infects victim’s systems

Credit: solarseven/Shutterstock

Victims are convinced to open a document containing the malware through spear phishing and social engineering scams. The malware has been seen in browser extensions for Chrome, Edge and the Korean browser Naver Whale, all of which are based on Google’s Chromium platform. It also appears to be targeting American, European and South Korean users, particularly those who work in areas considered a threat to North Korea, such as nuclear weapons.

Leave a Comment