Cybercrime has been rising over the past few years, reaching its peak during the pandemic. Several different types of cybercrimes have seen an increase during this time, including phishing, ransomware, spyware, and crypto scams. Another popular method involves using fake software, including phony antivirus apps, to deliver malicious payloads. While most of the attacks come from organized cybercriminals, state-sponsored cyber threats from North Korea, China, and Russia are also increasing rapidly. According to an FBI report, last year was exceptionally bad for cybercrime victims, with people reportedly losing almost $7 billion to online attacks and scams.
Researchers at cybersecurity firm Volexity have detailed a new activity from a threat actor called SharpTongue (also referred to as Kimsuky). According to them, the cybercrime group is using ingenious means to install a malicious browser extension on Chromium-based browsers like Google Chrome and Microsoft Edge. The extension cannot be detected by Gmail or AOL mail, nor can it be thwarted by established security protocols like two-factor authentication. According to the researchers, the initial instances of the SHARPEXT malware were spotted as far back as Sept. 2021. However, unlike other malware deployed by SharpTougue, the new extension does not try to steal usernames and passwords. Instead, it "directly inspects and exfiltrates data from a victim's webmail account as they browse it."
In an email to Ars Technica, Volexity President Steven Adair said that the extension is installed through "spear phishing and social engineering where the victim is fooled into opening a malicious document." The malware currently works only on Windows, but Adair believes that with a few changes, it can also be made to work on other platforms like macOS and Linux, meaning the threat could even spread to Chrome users on Mac or Linux.
Armed with the new malware, SharpToungue is said to be targeting individuals and organizations in the U.S., Europe, and South Korea. Most of the victims are said to be entities that are working on strategic geo-political issues involving North Korea, including nuclear armament and weapons systems. According to Volexity, SHARPEXT has become much more mature over the past year and the threat it poses is only likely to increase over time.