North Korean hackers have used Google Chrome extensions to gather personal data from South Koreans.
The hack, which forms part of a long-running attempt at cyber-espionage by the pariah state, employed a complex act of software trickery to install fake translation programs on the devices of unsuspecting victims.
Once the fake extension was installed, passwords, emails and other personal data were in the hands of the Pyongyang-backed actors.
According to a new report by American cloud security company Zscaler, the hack occurred in March 2024, and used a Chrome extension named “TRANSLATEXT.”
TRANSLATEXT, which Zscaler said “masqueraded” as a legitimate Google translation program, was uploaded to code-sharing platform GitHub as “GoogleTranslate.crx.”
Analysts could not confirm how TRANSLATEXT was delivered to users’ computers. However, Zscaler said that the hackers could have forced installation of the malware on computers without user permission by using a Windows registry key.