North Korean hackers plot Gmail theft attacks via Chrome extension
According to a report dated March 24, 2023, South Korea and Germany recently issued a joint cybersecurity warning about attacks by North Korean hackers to steal Gmail emails via a malicious Chrome extension.
The hacking team identified as Kimsuky, also known as "Velvet Chollima" and "Thallium", is focusing its attacks on scientists focusing on North Korea and the Korean peninsula.
The hackers used a spear phishing email to install a destructive Chromium extension on their victims' computers, allowing them to access the written content of their emails and send them to their own server.
They also used Android malware to gain even greater access to their victims' devices. The attacks have been confirmed as coming from Kimsuky, which uses three strains of malware called FastFire, FastViewer and FastSpy.
Read more about it : here