About SharpTongue
Threat actor SharpTongue, which is linked to North Korea, was found using a malicious extension on Chromium-based browsers to keep surveillance on victims’ Gmail and AOL email accounts. Experts from cybersecurity agency Volexity found the hackers as SharpTongue, but its activities coincide with one of the Kimsuky APT groups.
The SharpTongue’s toolset was covered by Huntress in 2021 in a published report, but in September 2021, Volexity started noticing usage of earlier unreported Malware strain, in the past year. Volexity has looked over various cybersecurity cases which involve SharpTongue and in most of the incidents, hackers use a malicious Microsoft Edge or Google Chrome extension known as “SHARPEXT.”
How does SharpTongue operate?
Contrary to other extensions in use by the Kimsuky APT group, SHARPEXT doesn’t steal passwords or usernames, however, it accesses the target’s webmail account while they’re browsing it. The present version of the extension backs three browsers and is capable of stealing the contents of e-mails from AOL webmail and Gmail accounts.
The report analysis says that SHARPEXT is a malicious browser extension deployed by SharpTongue following the successful compromise of a target system. In the first versions of SHARPEXT investigated by Volexity, the malware only supported Google Chrome.
The current variant 3.0 supports three browsers:
- This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents