Cybersecurity firm Volexity has discovered relatively new malware that can read and download affected Gmail users’ email. Dubbed “SHARPEXT”, the malware was first discovered 12 months ago but Volexity reports it has since matured into a highly effective and not easily detected spying mechanism.
Reportedly originating out of North Korea, SHARPEXT is a malicious browser extension specifically targeting Edge and Chrome. However, that attack vector is likely to expand to more browsers as SHARPEXT matures. The main concern with SHARPEXT is that the infection is extremely difficult to detect and unlikely to be flagged by antivirus software.
By stealing email data in the context of a user’s already-logged-in session, the attack is hidden from the email provider, making detection very challenging. To make matters worse, there is no conspicuous malicious code present in the extension itself, which makes it difficult for antivirus scanners to flag it.
- For more details, read the Volexity report in full: Clever Mail-Stealing Browser Extension “SHARPEXT”.
I have said many times over that most malware requires some sort of user interaction to be effective and SHARPEXT is no different. SHARPEXT is typically delivered via social engineering and phishing tactics, which involve masquerading as a trusted source to bait victims into clicking malware-infested content. So, the best protection against SHARPEXT is to obey the 10 Golden Rules.
Stay safe out there.