Security Boulevard

The home of the Security Bloggers Network


Malicious Chrome extension which sloppily spied on academics believed to originate from North Korea

by Graham Cluley on December 6, 2018

Computer users are being reminded once again to take care of the browser extensions they install after security experts discovered a hacking campaign that has been targeting academic institutions since at least May 2018.

Researchers at Netscout have warned of a state-sponsored attack dubbed “Stolen Pencil” that is thought to originate from North Korea.

The state-sponsored attack is relatively unusual for its use of a malicious Google Chrome browser extension.

The hackers are said to have sent out emails to their targeted victims posing as academic institutions in order to trick them into clicking on a link.

In a message posted in September, one Twitter user described how they had received an email claiming to come from Dartmouth College. The email, which used the subject of nuclear deterrence as a lure, encouraged the recipient to visit a web link that contained a benign PDF file.

Upon reaching the webpage, the targeted user would be redirected to the installation page of a malicious browser extension called “Font Manager” in the Chrome Web Store.

In an attempt to increase the likelihood of targeted users installing the browser extension, Font Manager’s entry in the Chrome Web Store was accompanied by many “five star” reviews copied from other extensions. Amusingly, even the text of poor reviews was copied by those attempting to make their extension appear more reputable – which presumably wasn’t their intention.

Once in place, the extension was able to steal cookies and passwords from users’ Chrome browser sessions. Some compromised computers were also found to have had their email forwarded.
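
An added example (not from the article or Netscout's report): a Python check that flags installed Chrome extensions whose manifests grant the kind of access described above, that is, cookies and page content on every site. The heuristics, function names and sample manifest are assumptions of this example; the article does not say which permissions Font Manager requested.

```python
import json
from pathlib import Path

# Heuristic chosen for this example; the article does not list the
# permissions the "Font Manager" extension actually requested.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

# Constructed sample manifest, used only for the demo at the bottom.
SAMPLE = {"name": "sample", "manifest_version": 2,
          "permissions": ["cookies", "<all_urls>"],
          "content_scripts": [{"matches": ["<all_urls>"], "js": ["c.js"]}]}

def assess_manifest(manifest):
    """Return reasons an extension manifest deserves manual review."""
    perms = {p for p in manifest.get("permissions", []) if isinstance(p, str)}
    # Manifest V2 mixes host patterns into "permissions"; V3 uses "host_permissions".
    hosts = perms | set(manifest.get("host_permissions", []))
    all_sites = bool(hosts & BROAD_HOSTS)
    reasons = []
    if "cookies" in perms and all_sites:
        reasons.append("cookies API on all sites (session cookie access)")
    if perms & {"webRequest", "webRequestBlocking"} and all_sites:
        reasons.append("webRequest on all sites (can observe traffic)")
    for script in manifest.get("content_scripts", []):
        if set(script.get("matches", [])) & BROAD_HOSTS:
            reasons.append("content script on every page (can read form input)")
            break
    return reasons

def audit_profile(extensions_dir):
    """Map '<id>/<version>' to findings for each flagged extension.

    extensions_dir is a Chrome profile's Extensions folder, laid out as
    <extension id>/<version>/manifest.json.
    """
    findings = {}
    for path in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        key = f"{path.parent.parent.name}/{path.parent.name}"
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
            reasons = assess_manifest(manifest)
        except (OSError, ValueError, AttributeError):
            reasons = ["unreadable manifest"]
        if reasons:
            findings[key] = reasons
    return findings

if __name__ == "__main__":
    print(assess_manifest(SAMPLE))
```

A flagged extension is not necessarily malicious, since many legitimate extensions request broad access; the output is a shortlist for manual review.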

Researchers realized that the servers used to host the phishing sites had previously been used in other attacks that had compromised university networks.

Malware used in the campaign was designed to log keystrokes, hijack Ethereum cryptocurrency transactions and allow hackers to gain (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Graham Cluley. Read the original post at: https://www.tripwire.com/state-of-security/security-data-protection/malicious-chrome-extension-which-sloppily-spied-on-academics-believed-to-originate-from-north-korea/
