Cybercrime: Pakistani User Info Is Being Stolen Through Fake Chrome Extension

Written by Senoria Khursheed

According to the Pakistan Telecommunication Authority (PTA), cybercriminals have found a new way to harvest people’s personal information. They use a Chrome browser extension called “AF” to gain access to users’ personal information.

The malware is spread through bogus emails that pressure users into downloading it to their Google Chrome browser. Once installed, the extension spreads the virus and hijacks the victim’s Gmail account, enabling the hackers to steal all of the user’s data.

According to the alert, security experts worldwide are concerned about the issue and have identified it as a critical cyber security threat that is dangerous and affecting users globally.

According to the experts’ research, the criminals are highly active and belong to a North Korean hacking group named Kimsuky.

Moreover, the criminals are brilliant, and their primary aim is to hijack the official accounts of famous personalities. Their main objective is to seize the essential accounts of high-ranking officials, journalists, and politicians globally. The threat can be dangerous for anyone who uses Gmail.

The hijacking group is also trying to target Android smartphone users through Google’s web-to-phone synchronization feature. They install apps from a PC onto a phone without the user’s permission, gradually infecting the victim’s smartphone with Fast Viewer malware. This dangerous malware leads to the theft of sensitive information such as camera usage, phone calls, and recordings.

PTA has advised Gmail and Chrome users to exercise caution when opening emails from unidentified or dubious sources and to refrain from downloading any unknown file or extension from unreliable websites or sources.

The team of experts also revealed that the extension communicates with the same infrastructure used earlier this month by a similar Chrome add-on that affected 4,000 installations before Google removed it from the Chrome Web Store.

Hence, it is essential for every individual to take proactive measures and stay vigilant while using Chrome for any purpose.
Unfortunately, the hijacking happened earlier with audio leaks and other essential files; the threat actors likely have a plan “C” via another parked extension that could facilitate the next infection wave.

Moreover, if an email asking for the download of an extension is received, the authority advises downloading only well-known Google Chrome extensions from the Chrome Web Store and reading reviews to ensure that there are no security concerns.

The authority also advised enabling Multi-Factor Authentication (MFA) for Google accounts.
The hijackers have evidently not been traced, and they are still trying to spread the malware wherever they get a chance. Therefore, every individual is requested to take proactive measures at their end before getting infected.
