Gmail users on Google Chrome or Microsoft Edge should be aware of new email-reading malware recently identified by Volexity, called SHARPEXT.
SHARPEXT is said to come from a hacking group called SharpTongue (or Kimsuky as it’s called by other security companies), which is backed by North Korea. It has been in business for over a year and has stolen thousands of messages and files from Gmail and AOL email accounts. Currently, SHARPEXT has only been observed in use on Windows devices, although Volexity says it’s possible the malware could also run on macOS and Linux systems.
How SHARPEXT infects victims' systems
Victims are convinced to open a document containing the malware through spear phishing and social engineering scams. The malware has been seen in browser extensions for Chrome, Edge and the Korean browser Naver Whale, all of which are based on Google’s Chromium platform. It also appears to be targeting American, European and South Korean users, particularly those who work in areas considered a threat to North Korea, such as nuclear weapons.
Once installed, the malware adds itself through the Preferences and Safe Preferences files in the browser, then activates its email read/download capabilities, while also hiding the warning boxes that might pop up and warn the user that a non-verified extension is active on their device.
The extensions that carry SHARPEXT are hard to spot because they don’t contain anything that would trigger a response from an antivirus scanner, while the dangerous parts run from a separate server. It’s also hard to spot a data theft through SHARPEXT as you’ve already entered your credentials to access your email so the extension can check and copy data as you view it.
Protect yourself from this email reading malware
If you’re concerned that you or someone you know may be at risk from this malware, Volexity has compiled a list of Indicators of Compromise (IOCs) on GitHub that can be used to determine whether a machine is infected. Otherwise, you can check which browser extensions you’re using, especially any that can’t be found in the Chrome Web Store or were installed in unusual ways, and remove any suspicious extensions. You should also make sure that you have installed one of the best antivirus software programs to add some extra protection to your devices.
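The extension check described above can be automated from the same preference files the malware edits. This is an added example, not code from the article or from Volexity: it parses a Chromium profile's Preferences and Secure Preferences files (the latter is what the article calls Safe Preferences) and reports extensions that were loaded unpacked or whose update URL is not an official store. The extension IDs, paths and store update URLs below are assumptions; the sample settings are constructed for the demo.

```python
import json
from pathlib import Path

# Chromium ManifestLocation values (extensions/common/mojom/manifest.mojom)
LOCATION_UNPACKED = 4    # "Load unpacked" in developer mode
LOCATION_COMPONENT = 5   # built into the browser, not a user install

# Update endpoints used by store-installed extensions (assumed, not from the article)
STORE_UPDATE_URLS = {
    "https://clients2.google.com/service/update2/crx",          # Chrome Web Store
    "https://edge.microsoft.com/extensionwebstorebase/v1/crx",  # Edge Add-ons
}


def load_extension_settings(profile_dir):
    """Merge 'extensions.settings' from both preference files of one profile.
    Missing files are skipped, so a partial copy of the profile still works."""
    settings = {}
    for name in ("Preferences", "Secure Preferences"):
        path = Path(profile_dir) / name
        if path.is_file():
            data = json.loads(path.read_text(encoding="utf-8"))
            settings.update(data.get("extensions", {}).get("settings", {}))
    return settings


def find_suspicious_extensions(settings):
    """Return {extension_id: [reasons]} for extensions not traceable to a store."""
    findings = {}
    for ext_id, ext in settings.items():
        if ext.get("location") == LOCATION_COMPONENT:
            continue  # bundled browser component, never a user install
        update_url = ext.get("manifest", {}).get("update_url")
        reasons = []
        if ext.get("location") == LOCATION_UNPACKED:
            reasons.append("loaded unpacked from " + str(ext.get("path")))
        if not ext.get("from_webstore", False):
            reasons.append("not flagged as a web store install")
        if update_url not in STORE_UPDATE_URLS:
            reasons.append("non-store update_url: " + repr(update_url))
        if reasons:
            findings[ext_id] = reasons
    return findings


# Constructed sample: one store install, one unpacked install, one component.
SAMPLE_SETTINGS = {
    "sample_store": {"location": 1, "from_webstore": True, "manifest": {
        "update_url": "https://clients2.google.com/service/update2/crx"}},
    "sample_unpacked": {"location": LOCATION_UNPACKED, "from_webstore": False,
        "path": "C:\\Users\\user\\AppData\\Local\\Temp\\ext", "manifest": {}},
    "sample_component": {"location": LOCATION_COMPONENT, "manifest": {}},
}
```

Run `find_suspicious_extensions(load_extension_settings(profile_dir))` against a real profile directory; only the unpacked sample is reported here, with all three reasons.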