Businesses and the IT teams should be aware of the following threat, which according to reports, is seeing a North- Korean-based cyber organisation – identified as Kimusuky – using a malicious browser extension named ‘Sharpext’ to steal emails from Gmail and AOL accounts.
Attackers have reportedly been installing the malicious web extension after compromising a victim’s system by installing a custom script that replaces the ‘Preferences’ files with ones installed from the malware command centre.
A victim can be scrolling through their emails and reading important information, all of which is being stolen and read by third parties under their noses. The attack remains undetected as it gains access through an already logged-in session, which goes unnoticed by the email provider.
No suspicious activity alerts are activated, meaning that victims are often completely unaware that their information has been accessed and stolen. Previously, Sharpext has been used in targeted attacks on foreign policy and individuals of strategic interest in Europe and other Western countries.
However, this malware has been used against individuals and businesses alike, as information is stolen and potentially sold to third parties. This can include customer details, bank information, and important login information that can take down systems and put your finances at risk.
To avoid falling victim update your teams to avoid downloading and installing web extensions that look suspicious and have not been directly recommended by Google and other trusted authorities.
If you suspect that your systems have been infiltrated, scan your system with anti-virus software, and contact Action Fraud and the police to report an ongoing cyber crime.
The NEBRC is a not-for-profit organisation that seeks to educate, inform, and support businesses across the UK in protecting themselves against cyber crime and fraud. Why not sign up for our free core membership? You’ll gain access to free cyber security resources and a regular newsletter so you can stay up to date with the latest guidance. For further advice on protecting your business online, please contact us at [email protected]