Sunday, November 17, 2024

North Korea Uses Google to Steal Passwords


North Korean hackers have used Google Chrome extensions to gather personal data from South Koreans.

The hack, which forms part of a long-running attempt at cyber-espionage by the pariah state, employed a complex act of software trickery to install fake translation programs on the devices of unsuspecting victims.

Once inside, passwords, emails and other bits of personal data were in the hands of the Pyongyang-backed actors.

According to a new report by American cloud security company Zscaler, the hack occurred in March 2024, and used a Chrome extension named “TRANSLATEXT.”

TRANSLATEXT, which Zscaler said “masqueraded” as a legitimate Google translation program, was uploaded to code-sharing platform GitHub as “GoogleTranslate.crx.”

Analysts could not confirm how TRANSLATEXT was delivered to users’ computers. However, Zscaler said that the hackers could have used a Windows registry key to force installation of the malware without user permission.

Newsweek has contacted Google’s press team for their response to the hack.


Once inside, the fake translation extension was able to steal email addresses and passwords, take screenshots, and pilfer chunks of personal data from the unaware victims.

One such victim was a South Korean academic, who specializes in geopolitical issues concerning the Korean peninsula.

The attacks were traced back to the hacking organization Kimsuky, a state-backed group known to pursue targets worldwide and gather intelligence for the North Korean government.

Analysts say the state-backed group Kimsuky was able to use a fake Google Chrome extension to access users’ computers and steal personal information.

Getty Images

Operational since at least 2013, Kimsuky is listed by the U.S. Cybersecurity & Infrastructure Security Agency as an “advanced persistent threat.”

In July 2022, Kimsuky also reportedly used malicious Chrome extensions to target users in the U.S., Europe and South Korea.

This latest revelation is in keeping with recent North Korean attempts at cyber espionage.

Alongside China, North Korea has been known to engage in cyber espionage against the U.S. and its allies on numerous occasions.

In May, the state-affiliated “Lazarus” hacker group accessed the personal emails of over 100 individuals in South Korea, including the accounts of national security staff and senior defense officials.

Newsweek has contacted the North Korean embassy in Beijing for their response to the report.

Tensions rise on South-North Korea border
Barricades are placed near the Demilitarized Zone on June 11, 2024 in Paju, South Korea. Tensions at the border have escalated in recent weeks, with North Korea launching hundreds of trash-filled balloons across the border…


Chung Sung-Jun/Getty Images

The attack also coincides with a period of heightened tension between North Korea and its southern neighbor.

In response to South Korean activists flying anti-DPRK leaflets into North Korea, the country has flown balloons filled with garbage over the border.

There have also been three instances in the past four weeks in which warning shots were fired by South Korean troops, after soldiers from the North reportedly crossed the Military Demarcation Line along the inter-Korean border.

During a visit to Pyongyang earlier in June, Vladimir Putin and Kim Jong Un signed a strategic partnership agreement, promising to come to each other’s military aid if either is attacked.

The move immediately drew the ire of South Korea, who warned that North Korea’s renewed partnership with Moscow “should be of grave concern to anyone with an interest in maintaining peace and stability on the Korean Peninsula.”
