They then abused Google Play’s web-smartphone synchronization function to install a remote access trojan (RAT).
The attacker logs into the victim’s Google account they previously exploited through phishing emails and other methods. The joint cybersecurity advisory also discovered another campaign leveraging a malicious Android app to steal user information. A sister hacking campaign leverages a malicious Android app It then sends them to the threat actor’s server by abusing the DevTools API to bypass security.Īlthough the campaign targets victims in South Korea, the threat actor could use the same tactics to target individuals working for organizations in the US, Europe, and other parts of the world. The malicious Chrome extension activates and extracts the victims’ Gmail emails when they visit their account via the infected browser.
However, it does not automatically appear on the extensions list and only appears after visiting the “chrome|edge|brave://extensions” page. Named “AF,” the malicious Chrome extension runs on Chromium-based browsers such as Google Chrome, Microsoft Edge, and Brave.
0 kommentar(er)
