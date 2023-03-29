A group of cybercriminals is using an extension compatible with Google Chrome, Microsoft Edge and Brave browsers to steal information from emails, according to reports from German and South Korean government institutions.

According to the German Federal Office for the Protection of the Constitution (BfV) and the National Intelligence Service of the Republic of South Korea (NIS), identified the program to which they refer with the name “AF”, would be focused on an operation of espionage to which some high-ranking officials in different governments of the world could be vulnerable.

According to the document, these types of people would be the main targets of these attacks.

The cyberattack starts as a phishing email that arrives in the inbox with malicious links that redirect users to websites where they are prompted to download and install extensions for their browsers.

After finishing this process, the victim could start their session in the Gmail service, which would trigger the activation of the malicious extension, whose mission is to steal all the content available in the emails and send them to a safe place where they only have access by the cybercriminal and his accomplices.

This methodology to execute cyberattacks can be directed at cell phones since applications can be installed remotely on these devices.

