Gmail: researchers show that North Korea can spy on your account
The Google suite, with Gmail in the lead, is one of the most used tools on the entire internet. A popular tool is inevitably a preferred target for hackers of all kinds. A group of American researchers from the company Volexity has just unveiled a piece of North Korean malware, SHARPEXT, that can attack your Gmail account.
What is North Korea looking for by attacking Gmail with SHARPEXT?
Developed by the hacker group SharpTongue, the malware appears to be designed to harvest sensitive data on behalf of the North Korean government. SharpTongue is reportedly financed and supported by North Korea. The group is also close to the well-known North Korean black hat group Kimsuky.
To what end? North Korea primarily targets information related to… nuclear weapons.
According to Volexity, the cybersecurity research company that has just revealed this big catch to the world, thousands of accounts were infected by SHARPEXT over a period of about 1 year. Do not panic too much: individual accounts are not the hackers' priority target.
The Google suite is widely used by professionals and, as you can imagine, companies are much more interesting prey than the average person. Most often, the accounts targeted by SHARPEXT belong to NGOs or companies that work directly or indirectly on subjects related to the country of Kim Jong Un.
As for the geographical origin of the targets, they may just as well be Americans, Europeans or South Koreans.
What is SHARPEXT, the malware from North Korea that poisons Gmail?
Now that the context is set, it is time to describe how SHARPEXT works. The idea is simple: use browser extensions (mainly for Google Chrome and Microsoft Edge, the most popular browsers) to plant its roots deep in affected PCs.
The word “PC” matters: no Macs have been reached yet. As very often, Apple is protected by the simple fact of being a minority on the market. Malware developers aren’t bothering to work on a virus designed for macOS, which by all estimates is present on only 10% of computers in circulation worldwide.
To install SHARPEXT, you don't even need to download anything. Just open a document and, presto, all the most important data from Chromium, the common framework used by Google Chrome and Microsoft Edge, gets siphoned off.
The SHARPEXT extension is invisible to the user and undetectable by Google and Windows. The script that runs automatically has been coded to hide all warning windows. In short, all it takes is one click for SHARPEXT to begin its work very discreetly, and this can last for months.
Now that Volexity has made everything public, Google and Microsoft will surely act. In the meantime, you are in the know.
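Because the extension is hidden from the user, a defender can read the browser profile's extension registry directly instead of relying on what the browser shows. The Python below is an added example, not code from Volexity or from this article; it assumes Chromium's `Preferences` / `Secure Preferences` JSON layout (`extensions.settings`, `location`, `from_webstore`), and the sample profile data is constructed.

```python
import json
import sys

# Chromium Manifest::Location codes (assumed from Chromium, not from the article).
SIDELOADED = {4: "unpacked", 8: "command line"}
BUILT_IN = {5, 10}  # component extensions shipped with the browser itself

# Constructed sample of a profile's extension registry; IDs and paths are made up.
SAMPLE_PREFS = {"extensions": {"settings": {
    "a" * 32: {"location": 1, "from_webstore": True, "path": "a" * 32 + "/1.0_0",
               "manifest": {"name": "Store extension", "permissions": ["storage"]}},
    "b" * 32: {"location": 5, "from_webstore": False, "path": "resources/pdf",
               "manifest": {"name": "Built-in PDF viewer", "permissions": []}},
    "c" * 32: {"location": 4, "from_webstore": False,
               "path": "C:/Users/example/AppData/Roaming/ExampleDir",
               "manifest": {"name": "Unknown helper",
                            "permissions": ["tabs", "webRequest", "<all_urls>"]}},
}}}

def audit_extensions(prefs):
    """Return registry entries that did not arrive through the web store."""
    findings = []
    settings = prefs.get("extensions", {}).get("settings", {})
    for ext_id, entry in sorted(settings.items()):
        if not isinstance(entry, dict) or entry.get("location") in BUILT_IN:
            continue
        reason = SIDELOADED.get(entry.get("location"))
        if reason is None and not entry.get("from_webstore", False):
            reason = "not from web store"
        if reason is None:
            continue  # ordinary store install
        manifest = entry.get("manifest") or {}
        findings.append({"id": ext_id, "reason": reason,
                         "name": manifest.get("name", "?"),
                         "path": entry.get("path", "?"),
                         "permissions": manifest.get("permissions", [])})
    return findings

if __name__ == "__main__":
    # Pass the path to a profile's Preferences or Secure Preferences file,
    # or run without arguments to audit the constructed sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            prefs = json.load(fh)
    else:
        prefs = SAMPLE_PREFS
    for f in audit_extensions(prefs):
        print(f"{f['id']}  {f['reason']:<18}  {f['name']}  {f['path']}")
        print(f"    permissions: {', '.join(map(str, f['permissions']))}")
```

Any entry this reports that the user or IT team did not deliberately install deserves a closer look, especially one loaded from a user-writable folder with broad permissions.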