Gmail users are being warned not to download a Google Chrome browser extension after the discovery that it’s hacking personal emails.
Anyone with a Gmail account and Chrome installed on their PCs should be on the lookout for a nasty new cyber attack that could see personal emails being intercepted and read by hackers. This worrying new threat uses a fake Chrome browser extension, called AF, to infect computers and begin the data-stealing process from Gmail inboxes.
The vicious malware was spotted by the joint cybersecurity team from the German Federal Office for the Protection of the Constitution and the National Intelligence Service of the Republic of Korea with experts warning users to be on high alert.
It seems victims are tricked into installing the fake Chrome extension via scam emails with this latest campaign first targeting South Korea before spreading to the US and then Europe.
Once installed, the bug then sets about hijacking accounts, giving online crooks the ability to read highly personal messages.
The criminals behind the attack, named Kimsuky, are mainly focusing their efforts on high-ranking people such as diplomats, journalists and politicians but anyone can still send up downloading the AF extension and become their next victim so it’s wise to wary of any messages asking you to download files to Chrome.
It’s also a timely reminder never to be tricked into installing anything onto a PC without doing plenty of research first.
If you do want a new extension for your Chrome browser then it’s best to stick to official stores and check the reviews before hitting the download button.
There’s also another reason why you don’t want to become a victim of this attack.
As well as hacking Gmail accounts, the criminals from Kimsuky are also using this bug to attack Android smartphones as well.
It appears that once the Gmail service has been compromised, the hackers can then use Google’s web-to-phone synchronisation feature to install apps from a PC right onto a phone without the user’s permission.
These applications come packed with FastViewer malware which can then be used to drop files onto phones, steal data and more.
It’s even possible for cyber thieves to snoop in on phone calls, watch keystrokes on the screen and see what the user is up to via the front-facing camera.
Although this FastViewer malware isn’t a widespread attack it’s still a worrying development and it’s wise to make sure you do everything possible to keep your devices safe and free from viruses.
mirror.co.uk
