German and South Korean government agencies have issued a joint advisory warning about the Kimsuky threat actor’s spear-phishing attacks using rogue browser extensions to steal users’ Gmail inboxes. Kimsuky, also known as Black Banshee, Thallium, and Velvet Chollima, is a subordinate element within North Korea’s Reconnaissance General Bureau known to collect strategic intelligence on geopolitical events and negotiations affecting North Korea’s interests. The group primarily targets entities in the US and South Korea, especially individuals working within the government, military, manufacturing, academic, and think tank organizations. Recent attacks by Kimsuky suggest an expansion of its cyber activity to include Android malware strains such as FastFire, FastSpy, FastViewer, and RambleOn. The group has been observed logging into victims’ Google accounts and installing malicious apps on their devices. These malware-laced apps have the capability to harvest sensitive information by abusing Android’s accessibility services.
Source: The Hacker News
To mitigate potential threats, it is important to implement additional cybersecurity measures, either with the help of a trusted partner like INFRA (www.infrascan.net) or on your own using check.website.