
A new malware threat is spying on users' Gmail inbox — do this before you're next


Cybersecurity firm Volexity discovered a brand-spankin' new malware threat dubbed SHARPEXT. This nasty, nosey bug spies on Google and AOL email account holders, reading and downloading their private information and attachments.

According to Volexity, SHARPEXT infects devices via browser extension installation. The malware campaign supports Google Chrome, Microsoft Edge and Naver Whale, and it's targeting users in the US, Europe and South Korea. Investigators tracked its origin to a North Korean-backed hacking group publicly known as "Kimsuky."

SHARPEXT is a silent spy

You may be wondering, "How do I know if my device is infected with SHARPEXT?" Unfortunately, this malicious infiltrator is difficult to detect. 

"By stealing email data in the context of a user's already-logged-in session, the attack is hidden from the email provider, making detection very challenging," the Volexity report said. To make matters worse, there is no conspicuous malicious code present in the extension itself, which makes it difficult for antivirus scanners to flag it.

Volexity President Steven Adair told Ars Technica that victims are fooled into opening SHARPEXT-packed malicious programs via social engineering and "spear phishing," a tactic that involves masquerading as a trusted source to bait victims into clicking malware-infested content. 

The SHARPEXT malware campaign, which has been around for "well over a year," has managed to steal thousands of emails from numerous victims so far. Adding to the creep factor, Volexity researchers said that "a dedicated folder for the infected user is created containing the required files for the extension." In other words, once you become a SHARPEXT victim, a file is created — just for you — to keep track of your email data. Eek!

To dodge SHARPEXT, Volexity suggests blocking the indicators of compromise (IOCs), which it has compiled on GitHub. The cybersecurity firm also recommends periodically reviewing your browser extensions to keep suspicious malware at bay. Be sure to check out our best antivirus apps, too. You can never be too safe.
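
One way to carry out the periodic extension review recommended above, as an added example (not from Volexity or the original article): the script reads each extension's manifest.json and reports the extensions whose permissions cover Gmail or AOL webmail. The watched host names, the function names and the sample extensions are assumptions constructed for illustration.

```python
import json
import tempfile
from pathlib import Path

# Assumption: hosts to watch, chosen for the Google and AOL webmail the article names.
MAIL_HOSTS = ("mail.google.com", "mail.aol.com")

def pattern_covers_host(pattern, host):
    """True if a browser-extension match pattern grants access to `host`."""
    if pattern == "<all_urls>":
        return True
    scheme, sep, rest = pattern.partition("://")
    if not sep or scheme not in ("*", "http", "https"):
        return False  # API permissions such as "storage" are not host patterns
    pat_host = rest.split("/", 1)[0]
    if pat_host.startswith("*."):
        return host == pat_host[2:] or host.endswith(pat_host[1:])
    return pat_host in ("*", host)

def mail_hosts_reachable(manifest):
    """Watched mail hosts covered by a parsed manifest.json (MV2 or MV3 fields)."""
    patterns = list(manifest.get("permissions", [])) + manifest.get("host_permissions", [])
    for script in manifest.get("content_scripts", []):
        patterns += script.get("matches", [])
    return [h for h in MAIL_HOSTS
            if any(isinstance(p, str) and pattern_covers_host(p, h) for p in patterns)]

def audit_tree(root):
    """Map each extension folder under `root` that can reach mail to (name, hosts)."""
    report = {}
    for path in sorted(Path(root).rglob("manifest.json")):
        manifest = json.loads(path.read_text(encoding="utf-8"))
        if hosts := mail_hosts_reachable(manifest):
            report[path.parent.relative_to(root).as_posix()] = (manifest.get("name"), hosts)
    return report

def build_sample_tree():
    samples = {  # constructed sample data: three made-up extensions
        "aaaa/1.0": {"name": "Dark Theme", "permissions": ["storage"]},
        "bbbb/2.1": {"name": "Mail Helper", "host_permissions": ["*://*.aol.com/*"]},
        "cccc/0.3": {"name": "Page Tool", "content_scripts": [{"matches": ["<all_urls>"]}]},
    }
    root = Path(tempfile.mkdtemp())
    for rel, manifest in samples.items():
        (root / rel).mkdir(parents=True)
        (root / rel / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
    return root

if __name__ == "__main__":
    print(audit_tree(build_sample_tree()))
```

Point `audit_tree` at the folder where a browser profile keeps its extensions, or at any folder holding extension files. A flagged entry is a prompt for review, not proof of infection, since legitimate extensions can hold the same access.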

Kimberly Gedeon, holding a Master's degree in International Journalism, launched her career as a journalist for MadameNoire's business beat in 2013. She loved translating stuffy stories about the economy, personal finance and investing into digestible, easy-to-understand, entertaining stories for young women of color. During her time on the business beat, she discovered her passion for tech as she dove into articles about tech entrepreneurship, the Consumer Electronics Show (CES) and the latest tablets. After eight years of freelancing, dabbling in a myriad of beats, she's finally found a home at Laptop Mag that accepts her as the crypto-addicted, virtual reality-loving, investing-focused, tech-fascinated nerd she is. Woot!