Email security, Application security

New Kimsuky attacks target Gmail messages

North Korean state-sponsored threat operation Kimsuky, also known as Thallium and Velvet Chollima, has launched a new spear-phishing campaign that uses malicious Google Chrome extensions to exfiltrate Gmail emails, BleepingComputer reports. Kimsuky's spear-phishing messages urge targets to install the malicious Chrome extension, which exploits the DevTools API to intercept and steal email messages without being detected by account security protections, according to a joint advisory from the German Federal Office for the Protection of the Constitution and the National Intelligence Service of the Republic of Korea.

The advisory also warned about Kimsuky's use of the FastViewer Android malware, also known as Fastspy DEX and Fastfire. AhnLab has noted that Kimsuky updated FastViewer after its hashes were publicly disclosed. FastViewer attacks begin with unauthorized access to Google accounts, followed by exploitation of the Google Play Store's web-to-phone synchronization functionality, which eventually leads to the installation of FastViewer, which has file exfiltration and keylogging capabilities.
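For defenders, the Chrome extension technique described above suggests a simple endpoint check: list installed extensions whose manifests ask for DevTools-level access and can also reach Gmail. The script below is an added example, not code from the advisory or from BleepingComputer. It assumes the profile's Extensions directory is laid out as `<extension id>/<version>/manifest.json`, and that the "DevTools API" corresponds to the `debugger` permission or the `devtools_page` manifest key. The function names and sample manifest are constructed for illustration.

```python
import json
import tempfile
from pathlib import Path

# Assumed mapping of the article's "DevTools API" to manifest fields: the
# "debugger" permission (chrome.debugger) and "devtools_page" (chrome.devtools.*).
MAIL_HOST = "mail.google.com"
BROAD = ("<all_urls>", "*://*/*")


def host_patterns(manifest):
    """Collect every URL match pattern the extension is allowed to touch."""
    # Manifest V2 mixes host patterns into "permissions", so include both lists.
    found = list(manifest.get("host_permissions", [])) + list(manifest.get("permissions", []))
    for script in manifest.get("content_scripts", []):
        found += script.get("matches", [])
    return [p for p in found if isinstance(p, str) and ("://" in p or p in BROAD)]


def audit_extensions(root):
    """Scan <root>/<extension id>/<version>/manifest.json; return findings."""
    findings = []
    for path in sorted(Path(root).glob("*/*/manifest.json")):
        ext_id = path.parts[-3]
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
            if not isinstance(manifest, dict):
                raise ValueError("manifest is not a JSON object")
        except (OSError, ValueError):
            findings.append({"id": ext_id, "reasons": ["unreadable manifest"]})
            continue
        reasons = []
        if "debugger" in manifest.get("permissions", []):
            reasons.append("requests debugger permission")
        if "devtools_page" in manifest:
            reasons.append("declares devtools_page")
        if reasons and any(MAIL_HOST in p or p in BROAD for p in host_patterns(manifest)):
            reasons.append("can reach " + MAIL_HOST)
        if reasons:
            findings.append({"id": ext_id, "name": manifest.get("name", "?"), "reasons": reasons})
    return findings


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:  # constructed sample profile
        ext = Path(tmp, "constructed-extension-id", "1.0_0")
        ext.mkdir(parents=True)
        sample = {"name": "Sample", "devtools_page": "dev.html", "host_permissions": ["https://mail.google.com/*"]}
        (ext / "manifest.json").write_text(json.dumps(sample), encoding="utf-8")
        print(audit_extensions(tmp))
```

A finding is a prompt for review rather than a verdict, since legitimate developer tools request the same access.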
