After making their way into Gmail on PCs, the hackers then attempt to install malware on the victim's Android device
Google Chrome, Microsoft Edge and Brave are the three most popular browser apps on almost all platforms, as they offer simple and smooth search experiences on computers and mobiles. Besides guiding people to accurate information, they also offer the flexibility to attach plugins or extensions that deliver value-added services such as built-in grammar correction, top e-commerce deal notifications, and multimedia editing tools.
However, they lack a proper mechanism to keep a check on malicious extensions that prey on naive users.
In a joint statement, German and South Korean security agencies, the Bundesamt für Verfassungsschutz (BfV) and the National Intelligence Service of the Republic of Korea (NIS), have warned that hackers, in the garb of offering a security plugin to scan emails for threats, are instead stealing information from users' Gmail accounts.
It has come to light that the North Korea-based cybercriminal group Kimsuky (alias Thallium, aka Velvet Chollima), known for tracking activists, journalists, and diplomats of South Korea, the USA, and other allied countries, is now targeting civilians.
The bad actors are sending out random emails to potential victims with fake warning messages that their Gmail is under threat from cyber scams. Playing on panic, they hoodwink users into installing the malicious extensions in the browser, and when the victim logs in to Gmail, the extension begins to track every mail and starts sending information to remote servers owned by the criminals.
They don't stop there: they misuse the web-to-phone synchronization feature of Google Play. The hackers again trick gullible users, this time into installing malware-laced apps from the computer onto linked devices such as their mobile phones.
Once the app makes its way to the phone, the hackers get even more data, such as keystrokes in apps, from which they can get the user's account ID and password. They can also monitor SMS, the contact list, and other messenger apps, and even operate the camera with the mic activated, reported Bleeping Computer.
There is no official word on how many users have fallen victim to this scam, but people have been warned not to install these three extensions: Fast Viewer, Fastfire, and Fast spy DEX. They come with the '.AF' file extension.
Also, it is a good practice to install all security updates from phone manufacturers, which are released every month or quarter. And ensure your device has a good anti-virus app developed by renowned publishers such as Kaspersky, ESET, Avast and McAfee, among others.
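Since the extension described above works by reading mail once the victim logs in to Gmail, a practical check is to list which installed extensions are able to touch mail.google.com at all. The following is an added example, not code from the article or from the BfV/NIS advisory; it assumes the Chromium profile layout `Extensions/<id>/<version>/manifest.json`, and the function names and sample manifests are constructed for illustration.

```python
import json
import sys
from pathlib import Path

GMAIL_HOST = "mail.google.com"
# Constructed sample manifests (not real extensions)
SAMPLES = {
    "mail-scanner": {"manifest_version": 3,
                     "host_permissions": ["https://mail.google.com/*"]},
    "dark-theme": {"manifest_version": 3, "permissions": ["storage"]},
}

def pattern_covers_gmail(pattern: str) -> bool:
    """True if a Chrome match pattern includes https://mail.google.com/."""
    if pattern == "<all_urls>":
        return True
    scheme, sep, rest = pattern.partition("://")
    if not sep or scheme not in ("*", "https"):
        return False  # API permission such as "tabs", or a non-HTTPS scheme
    host = rest.split("/", 1)[0]
    if host in ("*", GMAIL_HOST):
        return True
    # "*.google.com" covers google.com itself and every subdomain
    return host.startswith("*.") and (
        GMAIL_HOST == host[2:] or GMAIL_HOST.endswith(host[1:]))

def gmail_patterns(manifest: dict) -> list:
    """Collect every declared pattern that lets the extension touch Gmail."""
    declared = list(manifest.get("host_permissions", []))   # Manifest V3
    declared += manifest.get("permissions", [])             # V2 lists hosts here
    for script in manifest.get("content_scripts", []):
        declared += script.get("matches", [])
    return sorted({p for p in declared
                   if isinstance(p, str) and pattern_covers_gmail(p)})

def audit(extensions_dir: Path) -> dict:
    """Map extension ID -> Gmail-capable patterns for one browser profile."""
    findings = {}
    for path in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or corrupt manifest: skip, do not crash
        hits = gmail_patterns(manifest) if isinstance(manifest, dict) else []
        if hits:
            findings[path.parent.parent.name] = hits
    return findings

if __name__ == "__main__":
    if len(sys.argv) > 1:  # Assumption: argv[1] is a profile's "Extensions" folder
        print(audit(Path(sys.argv[1])))
    else:
        print({name: gmail_patterns(m) for name, m in SAMPLES.items()})
```

Broad patterns such as `<all_urls>` are common in legitimate extensions too, so treat the output as a list to review against what the user knowingly installed, not as a verdict.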