Alert! This Gmail Malware Bypasses Passwords And 2FA To Read All Email

The best practice items for Gmail security protection are strengthening your login credentials and enabling two-step verification. But if someone bypasses all these protections and checks out all your emails. According to cyber security firm Volexity, the threat research team has found the North Korean ‘SharpTongue’ group has deployed a malware called SHARPEXT that doesn’t need your Gmail login credentials at all.

Alert! This Gmail Malware Bypasses Passwords And 2FA To Read All Email

Instead, it “directly inspects and exfiltrates data” from a Gmail account as the victim browses it. It can steal email from both Gmail and AOL webmail accounts. Moreover, it targets Google Chrome, Microsoft Edge, and a South Korean client called Whale.

See Also: Beware! These 8 Malware-Infested Apps have infected 3 Million Android Users

The research team has also revealed that the SharpTongue group has frequently been seen targeting South Korea, the U. S. and Europe.

The report says that SHARPEXT differs from previous browser extensions deployed by these hacking groups as it bypasses the need for security credentials. It can easily get access the email data as the user reads it.

Once a system has been compromised by phishing, the malware can install the extension using a malicious VB script that replaces the system preference files. Once that’s done and the extension runs quietly in the background, it is tough to detect. The user logs in to their Gmail account from their normal browser on the compromised system.

There is nothing to alert Google and the user that someone has logged into Gmail from a different browser, machine, or location. Bypassing this protection is really dangerous as the hackers can read all the received and sent emails without the user’s knowledge.

Check Also: Beware Mac Users! This Dangerous Malware can Harm your Entire System