One of the most common security tips we receive, and should follow, is to enable 2-step verification wherever it is needed, whether for Gmail or any other app (non-finance too). However, a group of state-sponsored hackers has reportedly found a way to bypass 2-step verification on Gmail.
According to security firm Volexity, a group of North Korean hackers known as ‘SharpTongue’ may have been using malware dubbed ‘SHARPEXT’ to access users’ Gmail accounts. It has been in use for over a year now, and the researchers worry that it is only getting better at its job over time.
How hackers may be able to read users’ emails
The malware disguises itself as a Google Chrome or Microsoft Edge extension; in other words, it is a Chromium-based extension. The attackers use spear phishing and social engineering to spread the malware via malicious attachments. The malware does not steal your username or password. Instead, it “directly inspects and exfiltrates data” from your Gmail account as you browse it. Once it has collected your emails, it sends the data to a remote server.
SHARPEXT is currently at version 3.0 and can read emails from both Gmail and AOL webmail. It works on Chrome, Edge and Naver Whale, a South Korean web browser. The malware is said to target users across the United States, Europe and South Korea. So far there is no report of these hackers attacking users in Asia.
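
A defender-side check for the extension behaviour described above, as an added example that is not from the article or from Volexity: it lists installed Chromium extensions whose manifest allows them to run on Gmail or AOL webmail pages. The host names mail.google.com and mail.aol.com, the function names and the sample manifest are assumptions of this example.

```python
import json
from pathlib import Path

# Assumed webmail hosts for the two services the article names.
MAIL_HOSTS = ("mail.google.com", "mail.aol.com")

def pattern_covers(pattern: str, host: str) -> bool:
    """True if a Chromium match pattern can apply to https://<host>/."""
    if pattern == "<all_urls>":
        return True
    scheme, sep, rest = pattern.partition("://")
    if not sep or scheme not in ("*", "https"):
        return False
    pat_host = rest.split("/", 1)[0]
    if pat_host == "*":
        return True
    if pat_host.startswith("*."):  # wildcard covers the base domain and subdomains
        base = pat_host[2:]
        return host == base or host.endswith("." + base)
    return pat_host == host

def mail_access(manifest: dict) -> dict:
    """Map each mail host to the manifest patterns that reach it."""
    patterns = list(manifest.get("host_permissions", []))  # Manifest V3
    # Manifest V2 mixes host patterns into "permissions" with API names.
    patterns += [p for p in manifest.get("permissions", []) if "://" in p or p == "<all_urls>"]
    for script in manifest.get("content_scripts", []):
        patterns += script.get("matches", [])
    hits = {}
    for host in MAIL_HOSTS:
        matched = sorted({p for p in patterns if pattern_covers(p, host)})
        if matched:
            hits[host] = matched
    return hits

def scan_profile(extensions_dir) -> list:
    """Walk <profile>/Extensions/<id>/<version>/manifest.json and report hits."""
    findings = []
    for mf in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        try:
            manifest = json.loads(mf.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip it
        hits = mail_access(manifest)
        if hits:
            findings.append((mf.parent.parent.name, manifest.get("name", "?"), hits))
    return findings

if __name__ == "__main__":
    # Constructed sample manifest, not taken from any real extension.
    print(mail_access({"permissions": ["tabs", "*://*.google.com/*"]}))
```

A hit means the extension can read those pages, not that it is malicious; the output is a short list to compare against the extensions each user is expected to have.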