Your inbox could be at risk, as a new hack has the ability to infiltrate your messages without needing your passwords or your two-factor authentication key.
Login credentials are infamously considered the first line of defense against hacks and security breaches. A good password along with two-factor authentication can stop most hackers in their tracks, making it impossible to get ahold of your personal information.
Unfortunately, there’s a new cyber attack out there that can completely bypass these digital road blocks, allowing hackers unfettered access to your inbox.
New Cyber Attack Doesn’t Need Your Password
According to cybersecurity researchers at Volexity, a new email-based cyberattack is foregoing the need for login credentials to gain access to your inbox. The malware, dubbed SHARPEXT, originates from well-known threat actor SharpTonguage, a North Korean group that also goes by the name Kimsuky.
“SHARPEXT differs from previously documented extensions used by the ‘Kimsuky’ actor, in that it does not try to steal usernames and passwords. Rather, the malware directly inspects and exfiltrates data from a victim’s webmail account as they browse it,” read the post from Volexity.
Even worse, this malware has already been updated on three different occasions, making it that much more unsettling for potential victims. The malware can infect virtually any device that has already been compromised, which as we know, is quite common for everyday users.
How to Protect Yourself Online
In most cases of potential online risks, we’d recommend users to shore up their login credentials, signing up for a password manager and ensuring your passwords are secure. Unfortunately, this cyber attack is poised to dodge those obstacles, but there has to be another way, right?
The only upside to this threat is that it can only attack those with devices that are already compromised. Granted, compromised devices are a dime a dozen in 2022, but if you’re still safe, there are a few ways to make sure your device stays invulnerable.
First off, downloading antivirus software is likely your best bet here. It can detect malware and even eradicate it in some instances, which will keep your device from being compromised, stopping this threat before it can get started. Additionally, being vigilant online is key, as falling victim to a phishing scam could also open you up to being attacked.