North Korean hackers use browser extensions to steal emails

Security researchers from Volexity spoke about attacks on browsers based on the Chromium engine using the malicious SHARPEXT extension.

The virus steals emails from the Google Chrome, Microsoft Edge and Whale browsers. The attack starts once the operating system has been compromised through a custom VBS script. The script replaces the system files "Preferences" and "Secure Preferences" with copies from the operator's command and control server, which are downloaded to the computer before the extension itself is launched.
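Because the attack rewrites these two files, a defender can review which extensions they register. The following is an added example, not code from Volexity or from the original article: it assumes the Chromium layout in which each extension is listed under `extensions.settings` with a numeric `location` field, and the file contents, extension IDs and paths in `SAMPLE` are constructed.

```python
import json

# Chromium install-location codes that mean "not installed from a store".
SIDELOADED = {4: "unpacked directory", 8: "command line"}


def audit_profile(files):
    """files maps a file name to its JSON text; returns (file, ext_id, reason) tuples."""
    findings = []
    for name, text in files.items():
        try:
            settings = json.loads(text).get("extensions", {}).get("settings", {})
        except (ValueError, AttributeError):
            # A preferences file that no longer parses is itself worth a look.
            findings.append((name, None, "file is not valid JSON"))
            continue
        for ext_id, entry in settings.items():
            how = SIDELOADED.get(entry.get("location"))
            if how is None:
                continue  # store-installed or component extension
            path = entry.get("path", "")
            findings.append((name, ext_id, f"installed from {how}: {path}"))
    return findings


# Constructed sample: one store extension, one sideloaded entry, one damaged file.
SAMPLE = {
    "Secure Preferences": json.dumps({
        "extensions": {"settings": {
            "a" * 32: {"location": 1, "from_webstore": True,
                       "path": "a" * 32 + "\\1.2_0"},
            "b" * 32: {"location": 4, "from_webstore": False,
                       "path": "C:\\Users\\example\\ext"},
        }}
    }),
    "Preferences": "{truncated",
}

if __name__ == "__main__":
    for file_name, ext_id, reason in audit_profile(SAMPLE):
        print(f"{file_name}: {ext_id or '-'}: {reason}")
```

On a real host, read both files from each browser profile directory and compare the flagged extension IDs against the organisation's approved list.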

Presumably, the cyber group Kimsuky from North Korea is behind these attacks. The attacks target public figures and politicians from South Korea, Europe and the United States. Experts attribute the effectiveness of the attacks to the inability of the e-mail services, Gmail and AOL, to detect malicious activity: the virus uses an active, legitimate user session. The situation is the same on the side of the victim's account: there will be no notifications of suspicious activity.

"The malicious addon directly monitors and extracts data from the victim's mail account at the moment when she checks incoming messages. By the way, attackers do not forget to develop and upgrade the extension, currently its version is 3.0," Volexity experts noted.