Cybersecurity firm Volexity has discovered relatively new malware that can read and download affected Gmail users’ email. Dubbed “SHARPEXT”, the malware was first discovered 12 months ago but Volexity reports it has since matured into a highly effective and not easily detected spying mechanism.
Reportedly originating in North Korea, SHARPEXT is a malicious browser extension specifically targeting Edge and Chrome. However, that attack vector is likely to expand as SHARPEXT matures, eventually involving more browsers. The main concern with SHARPEXT is that the infection is extremely difficult to detect and unlikely to be flagged by antivirus software.
By stealing email data in the context of a user’s already-logged-in session, the attack is hidden from the email provider, making detection very challenging. To make matters worse, there is no conspicuously malicious code present in the extension itself, which makes it difficult for antivirus scanners to flag it.
- For more details, read the Volexity report in full: Clever Mail-Stealing Browser Extension “SHARPEXT”.
Best Protection
I have said many times over that most malware requires some sort of user interaction to be effective and SHARPEXT is no different. SHARPEXT is typically delivered via social engineering and phishing tactics, which involve masquerading as a trusted source to bait victims into clicking malware-infested content. So, the best protection against SHARPEXT is to obey the 10 Golden Rules.
Stay safe out there.
—
A lot of information missing here. Like how to fix it?
An ounce of prevention is worth a pound of cure and I’ve provided a link which explains in full how to prevent this infection.
Jim,
They write this malware code so it does not show up in Chrome’s known extension list? Thanks for the article.
They write this malware code so it does not show up in Chrome’s known extension list?
Precisely Jim.
Hi Jim,
If you use Thunderbird (on PC) or an app (Nine or even the GMail app) on Android, would you still be vulnerable?
JD
Not sure JD. However, considering this malware is delivered via a browser extension, I suspect it wouldn’t matter what email client or app is being used, Gmail would still be vulnerable.