North Korea-backed hackers have a clever way to read your Gmail - Ars Technica
Aug 04, 2022 1 min, 27 secs

The malware, dubbed SHARPEXT by researchers from security firm Volexity, uses clever means to install a browser extension for the Chrome and Edge browsers, Volexity reported in a blog post.

The extension can't be detected by the email services, and since the browser has already been authenticated using any multifactor authentication protections in place, this increasingly popular security measure plays no role in reining in the account compromise.

Volexity President Steven Adair said in an email that the extension gets installed "by way of spear phishing and social engineering where the victim is fooled into opening a malicious document.

Previously we have seen DPRK threat actors launch spear phishing attacks where the entire objective was to get the victim to install a browser extension vs it being a post exploitation mechanism for persistence and data theft." In its current incarnation, the malware works only on Windows, but Adair said there's no reason it couldn't be broadened to infect browsers running on macOS or Linux, too.

The blog post added: "Volexity's own visibility shows the extension has been quite successful, as logs obtained by Volexity show the attacker was able to successfully steal thousands of emails from multiple victims through the malware's deployment.".

Installing a browser extension during a phishing operation without the end-user noticing isn't easy.

After modifying the preference files, SHARPEXT automatically loads the extension and executes a PowerShell script that enables DevTools, a setting that allows the browser to run customized code and settings.

"The script runs in an infinite loop checking for processes associated with the targeted browsers," Volexity explained.

"If any targeted browsers are found running, the script checks the title of the tab for a specific keyword (for example' 05101190,' or 'Tab+' depending on the SHARPEXT version).


1. Wisconsin after Paul Chryst: Can any candidate top Jim Leonhard? How good is Badgers job? - The Athletic
Oct 03, 2022 # politics 22 secs
2. Stroke genetics informs drug discovery and risk prediction across ancestries - Nature.com
Sep 30, 2022 # health 26 mins, 27 secs
3. Bayonetta Voice Actress Replaced By Mass Effect's Jennifer Hale - IGN
Oct 05, 2022 # technology 22 secs
4. How polio came back to New York for the first time in decades, silently spread and left a patient paralyzed - CNBC
Oct 04, 2022 # health 3 mins, 46 secs
5. Manchin says OPEC+ decision to cut oil production shows US must emphasize 'energy independence and security' - Fox Business
Oct 05, 2022 # politics 1 min, 21 secs
6. Mark Pocan, Democratic lawmaker, seeks to build an LGBT museum in Washington
Sep 30, 2022 # breaking 31 secs
7. Lea Michele is spectacular in 'Funny Girl' Broadway revival - Entertainment Weekly News
Oct 03, 2022 # entertainment 1 min, 14 secs
8. 1st gen AirPods Pro users seeing ‘Adaptive Transparency’ option after iOS 16.1 beta update - 9to5Mac
Sep 29, 2022 # technology 1 min, 14 secs
9. Game Pass and Xbox prizes to win in Dorito and Rockstar promotion - TrueAchievements
Oct 03, 2022 # technology 20 secs
10. Liquid water may have just been discovered on Mars - The Jerusalem Post
Sep 29, 2022 # science 55 secs
11. Biden says 'we can afford' student debt forgiveness after GOP lawsuit - New York Post
Oct 02, 2022 # politics 32 secs
12. Kanye West Bonds With Kids North, 9, Saint, 6, Chicago, 4, & Psalm, 3, At Dinner In Paris: Photos - HollywoodLife
Oct 02, 2022 # politics 51 secs
13. Title Defense For Pac Is First Match Announced For Battle Of The Belts IV - Wrestling Inc.
Oct 01, 2022 # entertainment 25 secs
14. All blue-eyed people on Earth share the same ancestor - msnNOW
Oct 04, 2022 # health 27 secs
15. Photos show massive recovery days after Hurricane Ian hit Florida, Carolinas - CNBC
Oct 03, 2022 # politics 16 secs
16. Blinken to woo Latin America's new leftist leaders, reassert U.S. commitment
Oct 02, 2022 # breaking 1 min, 41 secs

SUBSCRIBE

Get monthly updates and free resources.

CONNECT WITH US

© Copyright 2022 365NEWSX - All RIGHTS RESERVED