North Korean hackers have used Google Chrome extensions to gather personal data from South Koreans.
The hack, which forms part of a long-running attempt at cyber-espionage by the pariah state, employed a complex act of software trickery to install fake translation programs on the devices of unsuspecting victims.
Once inside, passwords, emails and other bits of personal data were in the hands of the Pyongyang-backed actors.
According to a new report by American cloud security company Zscaler, the hack occurred in March 2024, and used a Chrome extension named "TRANSLATEXT."
TRANSLATEXT, which Zscaler said "masqueraded" as a legitimate Google translation program, was uploaded to code-sharing platform GitHub as "GoogleTranslate.crx."
Analysts could not confirm the specific delivery method of TRANSLATEXT to users' computers. However, Zscaler said that hackers could have enforced the installation of the malware onto computers without user permission using a Windows registry key.
"Users must always be cautious when downloading software from unknown and untrusted sources," a spokesperson for Google told Newsweek. "Whether it's packaged as an app, an extension, or other type of computer program, relying on known sources like the Chrome Web Store is key to protecting both your privacy and security."
Google pointed out that the extension was not an official product from the Chrome Web Store.
Once inside, the fake translation extension was able to steal email addresses and passwords, take screenshots, and pilfer chunks of personal data from the unaware victims.
One such victim was a South Korean academic, who specializes in geopolitical issues concerning the Korean peninsula.
The attacks were traced back to the hacking organization Kimsuky, a state-backed group known to target worldwide targets and gather intelligence for the North Korean Government.
Operational since at least 2013, Kimsuky is listed by the U.S, Cybersecurity & Infrastructure Security Agency as an "advanced persistent threat."
In July 2022, Kimsuky also reportedly used malicious Chrome extensions to target users in the U.S., Europe and South Korea.
This latest revelation is in-keeping with recent North Korean attempts at cyber espionage.
Alongside China, North Korea has been known to engage in cyber espionage against the U.S. and its allies on numerous occasions.
In May, the state-affiliated "Lazarus" hacker group accessed the personal emails of over 100 individuals in South Korea, including the accounts of national security staff and senior defense officials.
Newsweek has contacted the North Korean embassy in Beijing for their response to the report.
The attack also coincides with a period of heightened tension between North Korea and its southern neighbor.
In response to South Korean activists flying anti-DPRK leaflets into North Korea, the country has responded by flying balloons filled with garbage over the border.
There have also been three instances in the past four weeks in which warning shots were fired by South Korea troops, after soldiers from the North reportedly crossed the Military Demarcation Line along the inter-Korean border.
During a visit to Pyongyang earlier in June, Vladimir Putin and Kim Jong Un signed a strategic partnership agreement, promising to come to other's military aid if either is attacked.
The move immediately drew the ire of South Korea, who warned that North Korea's renewed partnership with Moscow "should be of grave concern to anyone with an interest in maintaining peace and stability on the Korean Peninsula."
Do you have a story we should be covering? Do you have any questions about this article? Contact LiveNews@newsweek.com
About the writer
Hugh Cameron is Newsweek Live News Reporter based in London, U.K. His focus is reporting on international politics, conflict, and ... Read more
