These hackers reportedly work on behalf of North Korea. They spy on digital activity around the world, notably in Europe and the United States, and are particularly interested in government agencies. According to reports, they use a Google Chrome browser extension to hack Gmail accounts. Caution and vigilance are therefore required.
North Korean hackers target the US and Europe
The United States and Europe are reportedly their main targets. These North Korean hackers have developed a new modus operandi to spy on computers around the world, especially in the regions mentioned above.
You will therefore have to be careful with Chrome extensions, because one of them could be malicious. It is clever, yes, but also malicious. The hackers compromise Gmail accounts by running a phishing campaign.
They manage to install a spy extension on two browsers: Google Chrome and Microsoft Edge. Both are based on Chromium and can run the same extensions.
Malware capable of detecting browser-related processes
Here is how it works. A malware payload spreads to the PC of whoever downloads and installs the extension. The PC then runs a PowerShell script. By enabling DevTools, this PowerShell script lets the attacker execute arbitrary code.
Note that DevTools are normally a set of tools reserved for developers. This malware can detect what the target is doing in their web browser: it detects browser-related processes such as tabs and their titles.
As soon as a web page is opened, the malware can extract all the information displayed on the page, triggered simply by a keyword appearing in the title of the tab. Volexity, the first to spot the software, explains what it is after.
North Korean hackers have found a way to access Gmail accounts with a simple extension https://t.co/ItpNHGQ9Rq
— Ouest-France (@OuestFrance) August 8, 2022
According to this security firm, the purpose of this software is to collect login information for Gmail accounts.
These hackers particularly target nuclear facilities
Moreover, this software reportedly does not need to dig through an entire web page: it only has to add addresses to a blacklist, which saves it time. According to security researchers, this extension has been around for more than a year.
It targets in particular government agencies in South Korea, but also those of other countries such as the United States and European countries. These hackers working on behalf of North Korea even appear to be particularly interested in nuclear installations.
Obviously, this extension cannot be found in the official Chrome Web Store. The hackers reportedly launched the phishing campaign to get the targets to install the software themselves. No one is safe from this malware.
This is why it is necessary to be very careful and extremely vigilant. Otherwise, your Gmail account might be hacked without your knowledge, despite a good password or the activation of two-factor authentication.
This malware would only attack Windows PCs for the moment
This malicious software is capable of exfiltrating a web page, but also of editing files containing system preferences, and attachments too. In addition, Volexity explained that this malware only attacks Windows PCs for the moment.
This does not prevent the hackers from being able to reach other operating systems (OS) one day, such as that of Macs. For now, the only way to protect yourself from this attack is to use a very good antivirus. Otherwise, avoid installing extensions on these browsers, since extensions often have security vulnerabilities.
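Since the extension is not distributed through the Web Store and has to be sideloaded onto the victim's Windows PC, one practical check is to inventory the extensions recorded in the Chrome and Edge profile preference files and flag any that were not installed from the store, were loaded unpacked or from the command line, or hold the permissions needed to read tab titles and page content. The script below is an added example written for this article; it is not code from Ouest-France or Volexity. It assumes Chromium's `Manifest::Location` numbering (4 = unpacked, 8 = command line), the `from_webstore`, `location`, `path` and `manifest` keys of an `extensions.settings` entry, and the default Windows profile paths; the embedded sample preferences and extension IDs are constructed.

```python
"""Inventory Chromium-based browser extensions that bypassed the Web Store.

Added example (not from the article or from Volexity). Reads Chrome/Edge
preference files and reports sideloaded or broadly-permissioned extensions.
"""
import json
import os
from pathlib import Path

# Chromium's Manifest::Location enum values (assumption from Chromium source):
# 4 = UNPACKED ("Load unpacked" in chrome://extensions), 8 = COMMAND_LINE
# (--load-extension). Both bypass the Web Store entirely.
LOCATION_NAMES = {1: "INTERNAL", 2: "EXTERNAL_PREF", 3: "EXTERNAL_REGISTRY",
                  4: "UNPACKED", 5: "COMPONENT", 6: "EXTERNAL_PREF_DOWNLOAD",
                  7: "EXTERNAL_POLICY_DOWNLOAD", 8: "COMMAND_LINE",
                  9: "EXTERNAL_POLICY", 10: "EXTERNAL_COMPONENT"}
SIDELOAD_LOCATIONS = {4, 8}
# Permissions that let an extension read tab titles and page content,
# the capabilities the article describes.
BROAD_PERMISSIONS = {"tabs", "<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

# Constructed sample in the shape of a Chromium preferences file (not real data;
# the 32-character IDs and paths are made up for this example).
SAMPLE_PREFS = {
    "extensions": {
        "settings": {
            "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa": {
                "from_webstore": True, "location": 1, "state": 1,
                "path": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\\1.2.3_0",
                "manifest": {"name": "Legit Store Extension",
                             "permissions": ["storage"]},
            },
            "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb": {
                "from_webstore": False, "location": 4, "state": 1,
                "path": "C:\\Users\\victim\\AppData\\Roaming\\sample_ext",
                "manifest": {"name": "Mail Helper",
                             "permissions": ["tabs", "<all_urls>"]},
            },
        }
    }
}


def default_pref_files():
    """Default Chrome and Edge profile preference files on Windows (assumed
    paths). Extension settings live in 'Secure Preferences' on Windows, but
    plain 'Preferences' is checked as well."""
    local = Path(os.environ.get("LOCALAPPDATA", ""))
    files = []
    for vendor, browser in (("Google", "Chrome"), ("Microsoft", "Edge")):
        for name in ("Secure Preferences", "Preferences"):
            files.append(local / vendor / browser / "User Data" / "Default" / name)
    return files


def audit_extensions(prefs):
    """Return findings for extensions not installed from the Web Store, loaded
    unpacked or via the command line, or holding broad permissions."""
    findings = []
    settings = prefs.get("extensions", {}).get("settings", {})
    for ext_id, entry in settings.items():
        loc = entry.get("location")
        if loc in (5, 10):  # browser-bundled component extensions, skip
            continue
        manifest = entry.get("manifest", {})
        perms = set(manifest.get("permissions", [])) | set(manifest.get("host_permissions", []))
        reasons = []
        if not entry.get("from_webstore", False):
            reasons.append("not from Web Store")
        if loc in SIDELOAD_LOCATIONS:
            reasons.append("loaded as " + LOCATION_NAMES[loc])
        broad = sorted(perms & BROAD_PERMISSIONS)
        if broad:
            reasons.append("broad permissions: " + ", ".join(broad))
        if reasons:
            findings.append({"id": ext_id, "name": manifest.get("name", "?"),
                             "path": entry.get("path"), "reasons": reasons})
    return findings


def load_prefs(path):
    with open(path, encoding="utf-8") as f:
        return json.load(f)


def main():
    found_profile = False
    for path in default_pref_files():
        if not path.is_file():
            continue
        found_profile = True
        for f in audit_extensions(load_prefs(path)):
            print(f"{path}: {f['name']} ({f['id']}) at {f['path']}: {'; '.join(f['reasons'])}")
    if not found_profile:
        print("No browser profile found; running against the constructed sample:")
        for f in audit_extensions(SAMPLE_PREFS):
            print(f"{f['name']} ({f['id']}): {'; '.join(f['reasons'])}")


if __name__ == "__main__":
    main()
```

Run it on the affected Windows PC as the user whose browser is in question; on any other machine it falls back to the constructed sample so the output format can be seen. An extension that is unpacked, not from the Web Store and holds `tabs` plus `<all_urls>` matches the profile the article describes and deserves a closer look, while a store extension with only narrow permissions produces no finding.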
Secure your Gmail account in all possible ways
We said above that for now, only a good antivirus, or avoiding shady extensions altogether, can help protect you from this malware. However, it costs nothing to secure your Gmail account in every possible way. With Google, it is possible to check whether suspicious activity has taken place on your account.
Here are some steps to identify suspicious activity on your Gmail and possibly recover it:
- First, log in to your account. If you cannot log in, something is wrong: go to the account recovery page and answer its questions.
- Then, review your activity and secure your account. Once you are in, go to the Security section. From there you can review your account's recent activity; if you do not recognize some of it, deny it. You can also check which devices have used the account.
- Finally, take the additional security measures Google offers by following the steps it proposes.