Bleeping Computer reports that a cybercriminal threat group originating from North Korea has used a malicious Chrome extension in order to steal Gmail email addresses. Let’s look at how they do it and what you can do to stop them.
What is the North Korean threat group doing?
Kimsuky is a group that uses spear phishing for cyber-espionage. It has targeted high-profile people such as diplomats, journalists, government officials, politicians, and professors at universities. The Director of National Intelligence explains that spear phishing is a form of phishing that targets a particular person or group. It often includes information that may be of interest to the target, such as financial documents or current events.
A phishing email urges victims to install AF, a malicious Chrome extension that can also be installed in Microsoft Edge and Brave. Once installed, AF begins to steal the contents of the emails in your Gmail account.
Kimsuky then uses Google Play’s web-to-phone synchronization feature to install apps from the victim’s computer onto the victim’s smartphone. This allows hackers to create, delete, or steal files, as well as retrieve contacts and make calls.
Kimsuky also has a range of Android malware available on the market. These include FastViewer and Fastfire, as well as Fastspy DEX. These programs can be disguised as security plug-ins and document viewers.
What can I do?
1) Never click on suspicious emails. Do not open phishing emails by mistake.
2) Never download extensions that have been sent to your email. You should search Chrome’s More Tools section for extensions if you wish to download a new extension.
3) Keep antivirus software on all devices. Antivirus software protects you from clicking on malicious links accidentally and removes any malware from your devices.
See my expert review of the best antivirus protection for your Windows, Mac, Android & iOS devices by visiting CyberGuy.com/LockUpYourTech
4) Always make sure that you have no suspicious apps downloaded to your smartphone. If there are any, delete them immediately. Next, run your antivirus software on your phone to ensure that any malware has been eliminated.
5) Last, make sure you only download apps from Google Play Store that are well-reviewed and have received positive ratings.
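Because AF works by reading Gmail from inside the browser, it also helps to check which installed extensions are allowed to touch Gmail at all. The script below is an added example, not code from the original article or from Bleeping Computer: it reads each extension's `manifest.json` and lists the ones whose permissions cover mail.google.com. It assumes the standard Chromium profile layout shared by Chrome, Edge and Brave (`Extensions/<extension id>/<version>/manifest.json`); the extension IDs and manifests in `build_sample_profile` are constructed sample data.

```python
import json
import tempfile
from pathlib import Path

# Substrings of match patterns that give an extension access to Gmail pages.
GMAIL_PATTERNS = ("mail.google.com", "*.google.com", "<all_urls>", "://*/*")

def gmail_access(manifest: dict) -> list:
    """Return the manifest's match patterns that cover mail.google.com."""
    patterns = list(manifest.get("permissions", []))          # Manifest V2 hosts
    patterns += manifest.get("host_permissions", [])          # Manifest V3 hosts
    patterns += manifest.get("optional_host_permissions", [])
    for script in manifest.get("content_scripts", []):
        patterns += script.get("matches", [])
    return sorted({p for p in patterns
                   if isinstance(p, str) and any(g in p for g in GMAIL_PATTERNS)})

def audit_extensions(extensions_dir: Path) -> dict:
    """Map extension ID -> Gmail-capable patterns found in its manifest."""
    findings = {}
    for manifest_path in sorted(extensions_dir.glob("*/*/manifest.json")):
        ext_id = manifest_path.parts[-3]
        try:
            manifest = json.loads(manifest_path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            findings[ext_id] = ["<unreadable manifest>"]
            continue
        hits = gmail_access(manifest)
        if hits:
            findings[ext_id] = hits
    return findings

def build_sample_profile(root: Path) -> Path:
    """Constructed sample data: two fake extensions with made-up IDs."""
    samples = {
        "aaaaexamplemailreader": {"manifest_version": 3, "name": "Constructed A",
                                  "host_permissions": ["https://mail.google.com/*"]},
        "bbbbexamplenotes": {"manifest_version": 3, "name": "Constructed B",
                             "permissions": ["storage"],
                             "host_permissions": ["https://example.org/*"]},
    }
    ext_dir = root / "Extensions"
    for ext_id, manifest in samples.items():
        version_dir = ext_dir / ext_id / "1.0_0"
        version_dir.mkdir(parents=True)
        (version_dir / "manifest.json").write_text(json.dumps(manifest))
    return ext_dir

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for ext_id, hits in audit_extensions(build_sample_profile(Path(tmp))).items():
            print(ext_id, hits)
```

To use it on a real machine, call `audit_extensions` on the `Extensions` folder of each browser profile. A listed extension is not necessarily malicious, but any entry you do not recognize or did not install yourself should be removed.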