Delete this malicious extension and stop hackers from stealing your Gmail messages

A cybercriminal threat group from North Korea is using a malicious Chrome extension to steal Gmail emails, according to a report released by Bleeping Computer. Let’s dive into how they’re doing this and the steps you should take right now to protect yourself.

What is the North Korean threat group doing?

The group, which uses the name Kimsuky, has been known to use spear phishing for cyber-espionage in attacks targeting people with high-profile jobs, such as diplomats, journalists, government agencies, politicians, and university professors. According to the Director of National Intelligence,

“Spear phishing is a type of phishing campaign that targets a specific person or group and often will include information known to be of interest to the target, such as current events or financial documents.”

The attack starts with a phishing email that urges potential victims to install a Chrome extension known as AF, which can also be installed in Microsoft Edge, Brave, and other Chromium-based browsers. Once installed, AF immediately begins stealing the contents of emails from your Gmail account.


Once your Gmail account is taken over by AF, Kimsuky uses Google Play’s web-to-phone synchronization feature for installing apps from your computer onto your smartphone to infect victims’ phones with Android malware. This allows hackers to drop, create, delete, or steal files as well as retrieve your contacts, make calls, send text messages, turn on your camera, and more.

Beware: in addition to the AF malware, Kimsuky has a variety of Android malware in circulation, including programs called FastViewer, Fastfire, and Fastspy DEX. These programs are disguised as security plugins as well as document viewers.

What can I do to prevent this from happening to me?

1) The first thing to remember is to never click on a suspicious email. If you open a phishing email by accident, do not click on any links embedded within the email. 

2) You also should never download any extensions sent to you in an email. If you want to download a new extension, you should be searching for it in Chrome’s More tools section under extensions.

3) Most importantly, always have antivirus software installed on all your devices. Antivirus software will protect you from accidentally clicking malicious links and will remove any malware from your devices. My #1 recommendation is TotalAV, and you can get a limited-time deal for CyberGuy readers: $19 your first year (80% off) for TotalAV Antivirus Pro package. Read my review of Best Antivirus software here.

4) Always double-check that there are no suspicious-looking apps downloaded to your phone. If you see any, delete them immediately, and then have your antivirus software scan your phone to make sure any malware has been removed.

5) Finally, be sure to only download apps from the Google Play Store that have been reviewed and given good ratings.
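If you are comfortable running a script, here is one way to review the extensions in a Chrome profile and spot any that did not come from the Chrome Web Store or that are allowed to read Gmail pages. This is an added example, not code from the report or this article; the field names are assumptions about Chrome's internal profile file format, and the sample data is constructed.

```python
import json, sys

# Assumption: field names and install-source codes below follow Chromium's
# on-disk profile format ("Preferences" / "Secure Preferences"), which is
# an internal format rather than a documented API and may change.
LOCATIONS = {1: "internal", 4: "unpacked (developer mode)", 5: "component", 8: "command line"}
MAIL_HOST = "mail.google.com"

def host_patterns(manifest):
    """Collect every URL match pattern the extension requests."""
    pats = list(manifest.get("host_permissions", []))
    pats += [p for p in manifest.get("permissions", [])
             if isinstance(p, str) and ("://" in p or p == "<all_urls>")]
    for script in manifest.get("content_scripts", []):
        pats += script.get("matches", [])
    return pats

def can_read_gmail(manifest):
    """True if any requested pattern covers mail.google.com."""
    for pat in host_patterns(manifest):
        host = pat.split("://", 1)[-1].split("/", 1)[0]
        if pat == "<all_urls>" or host in ("*", MAIL_HOST):
            return True
        if host.startswith("*.") and ("." + MAIL_HOST).endswith(host[1:]):
            return True
    return False

def audit(prefs):
    """Return (id, name, reasons) for each extension worth a manual look."""
    findings = []
    for ext_id, info in sorted(prefs.get("extensions", {}).get("settings", {}).items()):
        loc, manifest, reasons = info.get("location"), info.get("manifest", {}), []
        if loc == 5:  # components shipped with the browser itself
            continue
        if not info.get("from_webstore", False):
            reasons.append("not from web store (%s)" % LOCATIONS.get(loc, "location %s" % loc))
        if can_read_gmail(manifest):
            reasons.append("can read " + MAIL_HOST)
        if reasons:
            findings.append((ext_id, manifest.get("name") or info.get("path", "?"), reasons))
    return findings

# Constructed sample data, not taken from any real profile or from the report.
SAMPLE = {"extensions": {"settings": {
    "a" * 32: {"location": 1, "from_webstore": True,
               "manifest": {"name": "Constructed Theme", "permissions": ["storage"]}},
    "b" * 32: {"location": 4, "from_webstore": False, "path": "/constructed/path/viewer"},
    "c" * 32: {"location": 5, "manifest": {"name": "Constructed Component"}},
    "d" * 32: {"location": 1, "from_webstore": True, "manifest": {
        "name": "Constructed Helper", "host_permissions": ["https://*.google.com/*"]}}}}}

if __name__ == "__main__":
    prefs = json.load(open(sys.argv[1], encoding="utf-8")) if len(sys.argv) > 1 else SAMPLE
    for ext_id, name, reasons in audit(prefs):
        print(ext_id, name, "; ".join(reasons))
```

Run it with the path to a copy of your profile's Preferences file, or with no arguments to see the constructed sample. A flagged extension is not necessarily malicious; it is simply one to look up and remove if you do not recognize it.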

Have you been sent any suspicious phishing emails lately? Let us know below.

 


16 comments

Micky April 10, 2023 - 3:25 am
Hi Kurt, I have a question. When I get "junk" emails I usually click on the unsubscribe button at the bottom of these emails. Should I or should I not do this, and if not, how do you prevent the junk from getting sent to you? Thank you.