Researchers at security firm Volexity have discovered a new attack on Gmail that bypasses passwords and 2FA to read all mail. North Korean hacker group SharpTongue (linked to the Kimsuky APT group) has deployed a malicious program called SHARPEXT to steal Gmail and AOL emails from Chromium-based browsers including Chrome, Edge, and South Korea’s Whale. Kimsuky has been active since 2012 and is believed to be engaged in intelligence-gathering work, primarily targeting the United States, Japan, and South Korea. SharpTongue’s attack target is similar, its malicious program SHARPEXT can bypass passwords and 2FA, install extensions on browsers secretly through VB scripts, and grab email data when users read emails. The malicious program runs on Windows systems and can be avoided by using non-Chromium browsers such as Firefox.
This article is reprinted from: https://www.solidot.org/story?sid=72346
This site is for inclusion only, and the copyright belongs to the original author.