A cybercriminal threat group from North Korea is using a malicious Chrome extension to steal Gmail emails, according to a report released by Bleeping Computer. Let's dive into how they're doing this and the steps you should take right now to protect yourself. 

What is the North Korean threat group doing? 

The group, which uses the name Kimsuky, has been known to use spear phishing for cyber-espionage in attacks targeting people with high-profile jobs, such as diplomats, journalists, government agencies, politicians and university professors. According to the Director of National Intelligence, "spear phishing is a type of phishing campaign that targets a specific person or group and will often include information known to be of interest to the target, such as current events or financial documents." 

CLICK TO GET KURT’S CYBERGUY NEWSLETTER WITH QUICK TIPS, TECH REVIEWS, SECURITY ALERTS AND EASY HOW-TO’S TO MAKE YOU SMARTER 

The attack starts with a phishing email that urges potential victims to install a Chrome extension known as AF, which can also be installed in Microsoft Edge, Brave and other Chromium-based browsers.  Once installed, AF immediately begins stealing the contents of emails from your Gmail account. 

workplace balance stress

Here's what to know about keeping your Gmail messages safe from hackers. (CyberGuy.com)

BEWARE OF NEW MACSTEALER MALWARE THAT CAN STEAL YOUR ICLOUD KEYCHAIN DATA AND PASSWORDS 

Once your Gmail account is taken over by AF, Kimsuky uses Google Play’s web-to-phone synchronization feature for installing apps from your computer onto your smartphone to infect victims’ phones with Android malware. This allows hackers to drop, create, delete or steal files as well as retrieve your contacts, make calls, send text messages, turn on your camera and more. 

Beware, because in addition to this AF malware, Kimsuky has a variety of Android malware on the market, including other programs called FastViewer, Fastfire or Fastspy DEX.  These programs are disguised as plug-ins for security as well as for viewing documents. 

What can I do to prevent this from happening to me? 

1) The first thing to remember is to never click on a suspicious email. If you open a phishing email by accident, do not click on any links embedded within the email.  

2) You also should never download any extensions sent to you in an email. If you want to download a new extension, you should be searching for it in Chrome’s More Tools section under extensions. 

3) Most importantly, always have antivirus software installed on all your devices. Antivirus software will protect you from accidentally clicking malicious links and will remove any malware from your devices. 

See my expert review of the best antivirus protection for your Windows, Mac, Android & iOS devices by visiting CyberGuy.com/LockUpYourTech 

FREE ANTIVIRUS: SHOULD YOU USE IT?

4) Always double-check that there are no suspicious-looking apps downloaded to your phone, delete them immediately if you see them and then have your antivirus software scan through your phone to make sure any malware has been removed.  

5) Finally, be sure to only download apps from the Google Play Store that have been reviewed and given good ratings. 

CyberGuy

Cybercrime protection from viruses and hackers  (CyberGuy.com)

Have you been sent any suspicious phishing emails lately? Let us know at cyberguy.com/contact.

CLICK HERE TO GET THE FOX NEWS APP

For more of my tips, subscribe to my free CyberGuy Report Newsletter by heading to CyberGuy.com/Newsletter

Copyright 2023 CyberGuy.com. All rights reserved.