According to the alert issued by PTA, cybercriminals are using a fake Google Chrome browser extension called “AF” to harvest personal information from victims’ Gmail accounts.
The malware is being distributed through bogus emails, which trick users into downloading it to their Google Chrome browser. Once the extension is installed, the malware hijacks the victim’s Gmail account, allowing the hackers to steal personal information.
According to the alert, security experts from around the world have identified this critical cybersecurity threat, which is affecting users globally. The criminals behind the attack are believed to be a North Korean hacking group known as Kimsuky. While their primary targets are high-ranking officials, politicians, and journalists worldwide, the threat can affect anyone who uses Gmail.
According to the PTA, the group is also targeting Android smartphones using Google’s web-to-phone synchronization feature. They can install apps from a PC onto a phone without the user’s permission, potentially infecting the victim’s smartphone with FastViewer malware. This can lead to sensitive information, such as phone calls and camera usage, being stolen.
PTA has asked Gmail and Google Chrome users to exercise caution while opening emails from unidentified or dubious sources and to refrain from downloading any file or extension from unreliable websites.
The Authority has recommended that users who receive an email asking them to download an extension verify the reliability of the extension and its source before installation. It has also recommended downloading only popular Google Chrome extensions from the Chrome Web Store and reading reviews to be sure there are no security issues. The Authority has also recommended enabling multi-factor authentication (MFA) on Google accounts.