This Malware Can Access Your Inbox Without Your Password

A new cyber threat is able to access Gmail and AOL webmail inboxes, bypassing passwords and two-factor authentication.

Your inbox could be at risk, as a new hack has the ability to infiltrate your messages without needing your passwords or your two-factor authentication key.

Login credentials are infamously considered the first line of defense against hacks and security breaches. A good password along with two-factor authentication can stop most hackers in their tracks, making it impossible to get ahold of your personal information.

Unfortunately, there’s a new cyber attack out there that can completely bypass these digital road blocks, allowing hackers unfettered access to your inbox.

New Cyber Attack Doesn’t Need Your Password

According to cybersecurity researchers at Volexity, a new email-based cyberattack is foregoing the need for login credentials to gain access to your inbox. The malware, dubbed SHARPEXT, originates from well-known threat actor SharpTonguage, a North Korean group that also goes by the name Kimsuky.

“SHARPEXT differs from previously documented extensions used by the ‘Kimsuky’ actor, in that it does not try to steal usernames and passwords. Rather, the malware directly inspects and exfiltrates data from a victim’s webmail account as they browse it,” read the post from Volexity.

Even worse, this malware has already been updated on three different occasions, making it that much more unsettling for potential victims. The malware can infect virtually any device that has already been compromised, which as we know, is quite common for everyday users.

How to Protect Yourself Online

In most cases of potential online risks, we’d recommend users to shore up their login credentials, signing up for a password manager and ensuring your passwords are secure. Unfortunately, this cyber attack is poised to dodge those obstacles, but there has to be another way, right?

The only upside to this threat is that it can only attack those with devices that are already compromised. Granted, compromised devices are a dime a dozen in 2022, but if you’re still safe, there are a few ways to make sure your device stays invulnerable.

First off, downloading antivirus software is likely your best bet here. It can detect malware and even eradicate it in some instances, which will keep your device from being compromised, stopping this threat before it can get started. Additionally, being vigilant online is key, as falling victim to a phishing scam could also open you up to being attacked.

Did you find this article helpful? Click on one of the following buttons
We're so happy you liked! Get more delivered to your inbox just like it.

We're sorry this article didn't help you today – we welcome feedback, so if there's any way you feel we could improve our content, please email us at

Written by:
Conor is the Lead Writer for For the last six years, he’s covered everything from tech news and product reviews to digital marketing trends and business tech innovations. He's written guest posts for the likes of Forbes, Chase, WeWork, and many others, covering tech trends, business resources, and everything in between. He's also participated in events for SXSW, Tech in Motion, and General Assembly, to name a few. He also cannot pronounce the word "colloquially" correctly. You can email Conor at
Explore More See all news
Back to top
close Thinking about your online privacy? NordVPN is's top-rated VPN service See Deals