We all need to be vigilant in protecting online accounts and personal data. That’s because cybercriminals constantly develop clever new ways to rip us off.
Heck, thieves don’t even need to be tech savvy to implement money-stealing malware. They can buy malicious programs on the Dark Web that do all the hard work. Tap or click here for a recent example of Phishing as a Service (PhaaS) that targets your bank accounts.
Now, cybercriminals have a new way to steal private information from your email accounts without you knowing about it. Read on to see how they’re doing it and ways to stay protected.
Here’s the backstory
Browser extensions are helpful tools designed to give Google’s Chrome or other browsers such as Firefox and Edge extra functions. They can range from automatically converting currency and translations to pop-up blockers and screenshot tools.
But not all extensions are safe. Some extensions hide malicious code, and Mozilla recently blocked dangerous extensions used by 450,000 Firefox users. Late last year, another extension was draining unsuspecting cryptocurrency users’ accounts.
Cybersecurity company Volexity has found another dangerous extension, and this one is after your emails and private data. The origin is from North Korea, and Volexity explains that it is aware of the developer SharpTongue.
The problem with this extension is it gets installed on your browser without your knowledge. You’re probably wondering how. Good question. It’s an elaborate scheme that involves infecting your device with malware.
Once the malware infects your device, a malicious extension called SHARPEXT is installed on your browser. Some malware variants steal usernames and passwords, but SHARPEXT checks and downloads data from webmail accounts.
Essentially, the malicious Chrome or Microsoft Edge browser extension access and scans your emails, extracting any useful information. According to Volexity, lucrative targets for the malware include U.S. and European citizens who work with “nuclear issues, weapons systems, and other matters of strategic interest to North Korea.”
What you can do about it
If you know a malicious extension is on your browser, you can uninstall it. But SHARPEXT makes that tricky, as it’s not an extension you’ll find in your browser’s webshop.
Instead, the malware’s developers try to breach your browser’s Security Preferences file by infecting your device with malware. Once infected, the malicious extension is added to your browser.
From there, it strikes when you access your email service. Volexity explains that SHARPEXT has successfully swiped thousands of emails from multiple victims.
As we stated earlier, targets for SHARPEXT are pretty specific, and you’re likely not one of them. However, threats like these come in bunches, and criminals will likely tweak the malicious extension’s targets to ordinary people soon. That’s why you need to take preventative measures.
Here are security steps to take to avoid having malware infect your devices:
- Be cautious with links – Never click on links you receive in unsolicited emails or text messages. They could be malicious and infect your device with malware.
- That goes for attachments, too – Don’t open Word or Excel files attached to unsolicited emails. If you open one of these documents and it says that you need to enable macros, close the file and delete it immediately.
- Update your devices – Keep your computer and mobile devices updated to the latest version. Operating system and application updates safeguard you against the latest threats, and it’s your first line of defense against malware.
- 2FA is your friend – Use two-factor authentication and password managers for better security. Tap or click here for details on 2FA.
- Don’t forget antivirus software – Always have a trusted antivirus program updated and running on all your devices. We recommend our sponsor, TotalAV. Get an annual plan with TotalAV for only $19 at ProtectWithKim.com. That’s over 85% off the regular price!