According to the cybersecurity company Volexity, a North Korean hacker group is using a malicious Google Chrome and Microsoft Edge extension to monitor email accounts. The extension, used by the group “SharpTongue,” can steal email content from Gmail and AOL.
The company alleges that SharpTongue targets and victimises people who work for companies in the US, EU, and South Korea and who are involved in discussions about North Korea, nuclear issues, weaponry, and other topics of strategic interest to North Korea.
Volexity has responded to numerous SharpTongue incidents over the past year and, in the majority of cases, has found a malicious Google Chrome or Microsoft Edge extension that it refers to as “SHARPEXT.”
The cybersecurity company asserts that the malware directly inspects and steals data from a victim's webmail account as the victim browses it. According to the extension's internal versioning system, it has changed since its discovery and is now at version 3.0. It allows mail theft from Gmail and AOL webmail and supports three different web browsers.