Malicious Chrome extension which sloppily spied on academics believed to originate from North Korea

by Graham Cluley on December 6, 2018

Computer users are being reminded once again to take care of the browser extensions they install after security experts discovered a hacking campaign that has been targeting academic institutions since at least May 2018.

Researchers at Netscout have warned of a state-sponsored attack dubbed “Stolen Pencil” that is thought to originate from North Korea.

The state-sponsored attack is relatively unusual for its use of a malicious Google Chrome browser extension.

The hackers are said to have sent out emails to their targeted victims posing as academic institutions in order to trick them into clicking on a link.

In a message posted in September, one Twitter user described how they had received an email claiming to come from Dartmouth College. The email, which used the subject of nuclear deterrence as a lure, encouraged the recipient to visit a web link that contained a benign PDF file.

Upon reaching the webpage, the targeted user would be redirected to the installation page of a malicious browser extension called “Font Manager” in the Chrome Web Store.

In an attempt to increase the likelihood of targeted users installing the browser extension, Font Manager’s entry in the Chrome Web Store was accompanied by many “five star” reviews copied from other extensions. Amusingly, even the text of poor reviews was copied by those attempting to make their extension appear more reputable – which presumably wasn’t their intention.

Once in place, the extension was able to steal cookies and passwords from users’ Chrome browser sessions. Some compromised computers were also found to have had their email forwarded.

Researchers realized that the servers used to host the phishing sites had previously been used in other attacks that had compromised university networks.

Malware used in the campaign was designed to log keystrokes, hijack Ethereum cryptocurrency transactions and allow hackers to gain (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Graham Cluley. Read the original post at: https://www.tripwire.com/state-of-security/security-data-protection/malicious-chrome-extension-which-sloppily-spied-on-academics-believed-to-originate-from-north-korea/
