In late 2022, the North Korean-linked group SharpTongue deployed SHARPEXT, a sophisticated, malicious browser extension designed to steal emails directly from active Gmail and AOL sessions. This malware bypasses Multi-Factor Authentication (MFA) by operating post-authentication within Chromium-based browsers to secretly exfiltrate data to a command-and-control server. You can read the full analysis at Volexity. AI responses may include mistakes. Learn more
