Malicious browser extension targets Gmail and AOL users

We all need to be vigilant in protecting online accounts and personal data. This is because cybercriminals are constantly developing new and clever ways to scam us.

Heck, thieves don’t even need to be tech savvy to implement money-stealing malware. They can buy malicious programs from the Dark Web that do all the hard work. Tap or click here for a recent example of Phishing as a Service (PhaaS) targeting your bank accounts.

Now cybercriminals have a new way to steal private information from your email accounts without you knowing. Read on to see how they do it and ways to stay protected.

Here is the backstory

Browser extensions are useful tools designed to give Google’s Chrome or other browsers such as Firefox and Edge additional functions. They can range from automatic currency conversion and translations to pop-up blockers and screen capture tools.

But not all extensions are safe. Some extensions hide malicious code and Mozilla recently blocked dangerous extensions used by 450,000 Firefox users. Late last year, another extension emptied the accounts of unsuspecting cryptocurrency users.

Cybersecurity firm Volexity has found another dangerous extension, and this one is after your emails and private data. The origin is from North Korea, and Volexity explains to be aware of the developer SharpTongue.

The problem with this extension is that it installs on your browser without your knowledge. You are probably wondering how. Good question. It is an elaborate scheme of infecting your device with malware.

Once the malware infects your device, a malicious extension called SHARPEXT gets installed on your browser. Some malware variants steal usernames and passwords, but SHARPEXT verifies and downloads data from webmail accounts.

Essentially, the malicious Chrome or Microsoft Edge browser extension accesses and scans your emails, extracting any useful information. According to Volexity, the malware’s lucrative targets include US and European citizens who work on “nuclear issues, weapons systems, and other issues of strategic interest to North Korea.”

What can you do about it

If you know that a malicious extension is on your browser, you can uninstall it. But SHARPEXT makes this tricky, because it’s not an extension you’ll find in your browser’s web store.

Instead, the malware developers attempt to breach your browser’s security preferences file by infecting your device with malware. Once infected, the malicious extension is added to your browser.

From there, it hits when you access your email service. Volexity explains that SHARPEXT managed to slip thousands of emails from multiple victims.

As we stated earlier, SHARPEXT’s targets are quite specific and you’re probably not one of them. However, such threats come in clusters, and criminals will likely change the targets of the malicious extension to ordinary people soon. This is why you need to take preventive measures.

Here are the security measures you can take to prevent malware from infecting your devices:

  • Be careful with links – Never click on links you receive in unsolicited emails or text messages. They could be malicious and infect your device with malware.
  • This also applies to attachments – Do not open Word or Excel files attached to unsolicited emails. If you open one of these documents and it says you need to enable macros, close the file and delete it immediately.
  • Update your devices – Keep your computer and mobile devices up to date with the latest version. Operating system and application updates protect you from the latest threats and are your first line of defense against malware.
  • 2FA is your friend – Use two-factor authentication and password managers for better security. Tap or click here for more details on 2FA.
  • Don’t Forget Antivirus Software – Always have a trusted antivirus program updated and running on all your devices. We recommend our sponsor, TotalAV. Get an annual plan with TotalAV for just $19 at That’s over 85% off the regular price!

keep reading

Google Ads Scam Warning: Do Not Click This Masked Malware Campaign

Malware is still a huge problem for Android – Here’s what to watch out for

Comments are closed.