They are said to work on behalf of North Korea. These hackers spy on digital activity all over the world, notably in Europe and America, and they are particularly interested in government institutions. These North Korean hackers use an extension for Google's browser to hack Gmail accounts, so caution and vigilance are required.
North Korean hackers target US and Europe
America and Europe are said to be their main targets. These North Korean hackers have reportedly developed a new method for spying on computers around the world, especially in the regions mentioned above.
Be careful with Chrome extensions, because one of them is malicious. It is clever, yes, but malicious. The hackers compromise Gmail accounts by running a phishing campaign.
They manage to install a spy extension in two browsers: Google Chrome and Microsoft Edge. Both are built on Chromium and can therefore accommodate the same extensions.
Malware capable of detecting browser-related processes
Here is how it happens. A malware payload can spread to the computer that downloaded and installed the extension. The PC then runs a PowerShell script. By enabling DevTools, this PowerShell script allows arbitrary code to run.
Generally, DevTools is a set of tools reserved for developers. This malware is able to detect what the target is doing in their web browser. It detects browser-related processes, such as tabs and their titles.
Once a web page is opened, the malware can extract all the information displayed on the page. It does this by watching for a keyword to appear in the tab title. Volexity, which was the first to find the software, explains its purpose.
North Korean hackers have reportedly found a way to access Gmail accounts with a simple extension https://t.co/ItpNHGQ9Rq
— Ouest-France (@OuestFrance) August 8, 2022
According to this security company, the purpose of this software is to collect login information for Gmail accounts.
These hackers specifically target nuclear power plants
Also, this software does not need to crawl the web page. It only needs to add addresses to the blacklist, which saves it from wasting time. According to security researchers, this extension has been in use for more than a year.
It specifically targets government institutions in South Korea, but also those of other countries such as the USA or European countries. These hackers, working on behalf of North Korea, also appear to be particularly interested in nuclear installations.
Apparently, this extension cannot be found in the official Chrome Store. The hackers have launched phishing campaigns to get targets to install the software voluntarily. No one is safe from this malware.
This is why it is necessary to be very careful and very alert. Otherwise, your Gmail account may be hacked. Even if you are unaware of it, set up a good password or a two-factor authentication system.
This malware currently only attacks Windows PCs
This malicious software is capable of exfiltrating a web page, but also of editing the files that contain the computer's options, and links too. Additionally, Volexity explained that this malware only attacks Windows PCs.
This does not prevent the hackers from one day reaching other operating systems (OS), such as macOS. For now, the only way to protect yourself from this attack is to use the best antivirus. Otherwise, avoid installing extensions in these browsers.
In fact, extensions are often a source of security vulnerabilities.
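A defender's check that follows from the points above (the extension is not in the official store, and it lands in Chrome and Edge on Windows), as an added example that is not from the article or from Volexity: it lists the extensions recorded in a Chromium profile that did not come from the web store. The `extensions.settings` layout, the `from_webstore` and `location` fields and their numeric values are assumptions about Chromium's profile format, and the sample data is constructed.

```python
import json
import os
from pathlib import Path

# Assumption: numeric values of Chromium's extension install-location enum.
COMPONENT_LOCATIONS = {5, 10}  # shipped with the browser itself
UNPACKED = 4                   # loaded from a local folder

def sideloaded_extensions(prefs):
    """Return (id, name, path, reason) for extensions not installed from the store."""
    findings = []
    settings = prefs.get("extensions", {}).get("settings", {})
    for ext_id, info in sorted(settings.items()):
        location = info.get("location")
        if location in COMPONENT_LOCATIONS or info.get("from_webstore") is True:
            continue
        reason = "unpacked from local folder" if location == UNPACKED else "not from web store"
        name = info.get("manifest", {}).get("name", "<unknown>")
        findings.append((ext_id, name, info.get("path", ""), reason))
    return findings

def scan_windows_profiles(local_appdata):
    """Check every Chrome and Edge profile under a Windows %LOCALAPPDATA% folder."""
    results = {}
    for browser in ("Google/Chrome", "Microsoft/Edge"):
        user_data = Path(local_appdata, browser, "User Data")
        for pref_name in ("Preferences", "Secure Preferences"):
            for pref_file in user_data.glob(f"*/{pref_name}"):
                try:
                    prefs = json.loads(pref_file.read_text(encoding="utf-8"))
                except (OSError, ValueError):
                    continue  # unreadable or malformed profile file
                found = sideloaded_extensions(prefs)
                if found:
                    results[str(pref_file)] = found
    return results

# Constructed sample profile data (IDs, names and path are made up).
SAMPLE = {"extensions": {"settings": {
    "a" * 32: {"from_webstore": True, "location": 1, "manifest": {"name": "Store extension"}},
    "b" * 32: {"from_webstore": False, "location": 5, "manifest": {"name": "Built-in component"}},
    "c" * 32: {"from_webstore": False, "location": 4, "path": "C:\\Users\\user\\AppData\\Roaming\\example",
               "manifest": {"name": "Unknown helper"}},
}}}

if __name__ == "__main__":
    print(sideloaded_extensions(SAMPLE))
    for path, hits in scan_windows_profiles(os.environ.get("LOCALAPPDATA", "")).items():
        print(path, hits)
```

An entry flagged here is not proof of compromise, since developers and administrators also load extensions this way; it is a list of extensions to account for.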
Protect your Gmail account in all possible ways
As noted above, for now only a good antivirus can help protect you from this malware, along with avoiding shady extensions. However, it costs nothing to try to protect your Gmail account in every possible way. Google can check your account for suspicious activity.
Here are some steps to identify suspicious activity in your Gmail account and recover it:
- First, you need to log in to your account. If you can't connect, something is wrong. In that case, you need to go to the account recovery page and answer a few questions.
- Then, you should review your activity and secure your account. After opening the account, go to the security section. From there, you can review your account's activity. You may not recognize some of it, in which case you may have to deny it. You can also check which devices have used the account.
- Finally, you can take other security measures by following the steps provided by Google.