Businesses are being advised to make their IT teams aware of a North Korean-based cyber organisation known as Kimusuky who are using a malicious browser extension known as 'Sharpext' to steal emails from Gmail and AOL accounts.

According to reports, attackers are said to have installed the malicious web extension after infiltrating a victim's system and installing a custom script that replaces the 'Preferences' files with those installed from the malware command centre.

A victim may be scrolling through their emails and reading important information when it is stolen and read by third parties right in front of their eyes. The attack goes undetected because it gains access through an already logged-in session, which the email provider misses.

Because no suspicious activity alerts are activated, victims are frequently unaware that their information has been accessed and stolen. Sharpext has previously been used in targeted attacks on foreign policy and strategic individuals in Europe and other Western countries.

However, this malware has been used against both individuals and businesses, stealing information and potentially selling it to third parties. This can include customer information, bank information, and critical login information that can bring systems down and jeopardise your finances.

To avoid becoming a victim, guidance includes instructing teams to refrain from downloading and installing web extensions that appear suspicious and are not directly recommended by Google or other trusted authorities.

If you suspect that your systems have been compromised, scan them with anti-virus software and report an ongoing cybercrime to Action Fraud and the police.

The EMCRC is a not-for-profit organisation dedicated to educating, informing, and assisting businesses throughout the East Midlands - and beyond - in protecting them from cybercrime and fraud.

Why not join our free core membership? You'll get free cyber security resources as well as a regular newsletter to keep you up to date on the latest advice.

Please contact us for more information on protecting your business online.

Reporting

Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to report@phishing.gov.uk. Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).