Gmail attack: Hackers breach foolproof security settings to read your emails

Gmail attack: Hackers breach foolproof security settings to read your emails
© Getty/ Caroline Purser
Gmail attack: Hackers breach foolproof security settings to read your emails
More under this ad

Security experts say a North Korean group have found ways to access Gmail accounts without credentials.

Google’s Gmail has put in place several robust security measures to protect user data. Having a strong password and enabling 2-Step Verification are the two basic features that users are encouraged to use to stay protected online. However, it was recently discovered that a powerful hacking group based in North Korea, has devised means of accessing user accounts and silently reading emails without needing login credentials.

Discover our latest podcast

SharpTongue

Forbes has reported the discovery of a malware called SHARPEXT, believed to have been developed by North Korean threat group, SharpTongue. According to the article, the discovery was made by cybersecurity firm, Volexity which explains that the malware works by 'directly inspecting and exfiltrating' data from Gmail accounts as users browse.

More under this ad
More under this ad

The bug can reportedly steal email from Gmail and AOL webmail accounts and is effective on Google and Microsoft browsers. According to the Forbes piece:

There is nothing to alert Google and the user that someone has logged into Gmail from a different browser, machine, or location. Bypassing this protection is crucial as it means the threat actors can remain truly persistent, reading all the received and sent emails as if they were the user themselves.
More under this ad
More under this ad
thumbnail
Getty/ Nipitphon Na Chiangmai / EyeEm

Are you a target?

Cybersecurity experts suspect hackers have espionage intentions for launching these attacks and would probably be targeting government officials, security agencies and journalists among others.

More under this ad
More under this ad

However, the average user is not the target of the group and so should not worry too much about its activities. Ian Thornton-Trump is a former criminal intelligence analyst with the Royal Canadian Mounted Police.

Email attacks have broad impact and are perfect for lateral movement into third-party apps as well as access to sensitive information.
More under this ad
More under this ad

Gmail: Your email account is about to undergo these changes

Anxiety: How to cope with email anxiety at work

Email etiquette: Avoid these phrases in your work emails

More under this ad