1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • North Korean hackers are using malicious Google Chrome extensions

    From TechnologyDaily@1337:1/100 to All on Tue Jul 2 15:15:05 2024
    North Korean hackers are using malicious Google Chrome extensions to try and hack your data

    Date:
    Tue, 02 Jul 2024 15:03:57 +0000

    Description:
    Kimsuky is spreading a fake Google Translate Chrome extension that just
    steals your sensitive data.

    FULL STORY ======================================================================

    North Korean state-sponsored threat actors have been observed, once again, using malicious Google Chrome extensions to (mostly) target people in South Korea.

    This time around, cybersecurity researchers from Zscaler ThreatLabz found a new campaign where hackers known as Kimsuky (AKA Velvet Chollima, a group known to be affiliated to the North Korean government) uploaded a piece of malware dubbed TRANSLATEXT to their GitHub repository on March 7.

    This malware was masqueraded to look like a Google Translate extension for
    the popular browser , but in fact, was an infostealer capable of bypassing most security measures and stealing sensitive information from the
    compromised machine. TRANSLATEXT was designed specifically to steal email addresses, usernames, passwords, and cookies. Furthermore, it is capable of grabbing screenshots of the browser. Targeting academia

    Whatever information it gathered, it returned to the GitHub account. The malware was removed a day later, on March 8, which prompted the researchers
    to conclude that this was a highly targeted campaign in which Kimsuky knew exactly whose data it was going for.

    Zscaler did not discuss the victims identity in detail, but it did say that they were mostly in the education sector in South Korea. Based on this gathered information, we surmise that academic researchers specializing in
    the Korean peninsula, particularly those engaged in geopolitical matters involving North Korea, are among the primary targets of this campaign, the report states.

    One piece of evidence suggesting this is a word processing file being distributed next to the malware, named "Review of a Monograph on Korean Military History," according to a rough translation.

    The methods of delivering the malware to the victims is not known at this time, but the researchers speculate that Kimsuky is probably deploying it via email. More from TechRadar Pro North Korean hackers have some deious new
    Linux backdoor attacks to target victims Here's a list of the best firewalls today These are the best endpoint protection tools right now



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/north-korean-hackers-are-using-maliciou s-google-chrome-extensions-to-try-and-hack-your-data


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)