Stop Gmail Hackers by Removing This Dangerous Extension
A malicious browser extension that targets Google Chrome, Microsoft Edge, and other Chromium-based browsers has been spreading via phishing emails and is now actively targeting Gmail accounts.
Once installed, this dangerous extension may read your Gmail messages and infect even the most secure Android devices with malware.
The campaign, as reported by BleepingComputer, was discovered by the German Federal Office for the Protection of the Constitution and the National Intelligence Service of South Korea, which released a joint statement warning others about it.
The Kimsuky threat group (aka Thallium, Velvet Chollima), the North Korean hackers behind the operation, has a history of using spear phishing for cyber-espionage in attacks against diplomats, journalists, government agencies, politicians, and university academics.
It’s important to note that while the campaign did indeed begin in South Korea, it has now spread to other regions, including the United States and Europe.
It’s important for everyone to take precautions online since anyone, regardless of their position in society, might unwittingly install this malicious extension and have their Gmail account hacked.
Through Spam Emails That Seem Legitimate
The attack begins with a phishing email that persuades the user to download and install an extension for Chrome, which is also compatible with Microsoft Edge, Brave, and other Chromium-based browsers.
It’s called AF, and unlike other extensions it can’t be found in the list of add-ons under Chrome’s More tools > Extensions. To see it, you’ll need to manually enter “chrome://extensions” (or “edge://extensions” / “brave://extensions”) into your browser’s URL bar.
Once installed, it activates immediately and starts stealing the contents of your Gmail messages. Specifically, the hackers use your browser’s DevTools API to relay the stolen information back to a server under their control.
Start With Gmail, Then Check Your Phone
Even worse than having your Gmail conversations snooped on by hackers is the Android malware developed by the Kimsuky hacking group, which goes by the names FastViewer, Fastfire, and Fastspy DEX.
If hackers get access to your Gmail account, they may install malware on your phone using the web-to-phone synchronization function of Google Play, which lets you install apps on your phone from your computer.
Because FastViewer is a remote access trojan (RAT), hackers can use it to drop, create, delete, or steal files, make calls, send texts, switch on the camera, log keystrokes, and more.
To put it mildly, this software is extremely dangerous and could be used for extortion or even identity theft.
Protecting Yourself From Harmful Add-Ons
To check whether the malicious add-on is present, type “chrome://extensions”, “edge://extensions”, or “brave://extensions” into the address bar of Chrome, Edge, or Brave respectively.
If you find it, remove it right away, and consider running a scan with your antivirus program just to be safe.
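One way to automate this check, as an added example that is not part of the original article: the script reads each installed extension's manifest.json and flags those that combine DevTools or debugger access with access to mail.google.com. The heuristic, the profile folder layout, and the two sample extensions are assumptions made for illustration; the article gives no technical indicators beyond the extension's name and its use of the DevTools API.

```python
import json
import tempfile
from pathlib import Path

BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}  # match every site

def audit_manifest(manifest):
    """Return the reasons a parsed manifest.json deserves a manual look."""
    perms = {p for p in manifest.get("permissions", []) if isinstance(p, str)}
    hosts = perms | set(manifest.get("host_permissions", []))
    for script in manifest.get("content_scripts", []):
        hosts |= set(script.get("matches", []))
    reasons = []
    if "devtools_page" in manifest or "debugger" in perms:
        reasons.append("uses DevTools/debugger APIs")
    if any("mail.google.com" in h for h in hosts):
        reasons.append("targets mail.google.com")
    elif hosts & BROAD:
        reasons.append("can read all sites, including Gmail")
    return reasons

def scan_profile(profile_dir):
    """Assumed layout: <profile>/Extensions/<id>/<version>/manifest.json."""
    findings = {}
    for path in sorted(Path(profile_dir).glob("Extensions/*/*/manifest.json")):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            continue  # unreadable manifest: inspect that folder by hand
        reasons = audit_manifest(manifest)
        if len(reasons) == 2:  # DevTools use combined with mail access
            findings[path.parts[-3]] = (manifest.get("name", "?"), reasons)
    return findings

def demo():
    """Scan a throwaway profile holding two constructed (made-up) extensions."""
    samples = {
        "aaaa": {"name": "Constructed Sample A", "devtools_page": "dev.html",
                 "permissions": ["tabs", "https://mail.google.com/*"]},
        "bbbb": {"name": "Constructed Sample B", "permissions": ["storage"]},
    }
    with tempfile.TemporaryDirectory() as tmp:
        for ext_id, manifest in samples.items():
            folder = Path(tmp, "Extensions", ext_id, "1.0_0")
            folder.mkdir(parents=True)
            (folder / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
        return scan_profile(tmp)

if __name__ == "__main__":
    print(demo())
```

Point scan_profile at a real profile folder, for example ~/.config/google-chrome/Default on Linux. A hit means the extension needs a manual look, since legitimate developer tools can match too.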
Similarly, you can protect your mobile device from the FastViewer malware by installing a reputable antivirus program for Android and turning on Google Play Protect. With the proliferation of mobile malware, installing an antivirus program for Android is a precaution everyone should take.
To stay safe from harmful add-ons from the start, never install an add-on or any other program that was sent to you in an email. Keep in mind that you shouldn’t download attachments or read emails from someone you don’t know.
Given the Kimsuky hacking group’s track record of targeting innocent victims, we should expect to see more of these attacks in the future.