Don't be a victim of this Chrome extension

Kerem Gülen
Mar 27, 2023
Updated • Mar 27, 2023
Google Chrome

Users who have a Gmail account and utilize Chrome on their personal computers should exercise caution in response to a malicious cyber attack. This alarming threat involves a fraudulent Chrome browser extension known as "AF" that infiltrates computer systems and initiates the process of stealing personal data from Gmail inboxes. The severity of this attack stems from the potential for hackers to intercept and read confidential emails, posing a significant risk to user privacy and security.

A joint cybersecurity team consisting of the German Federal Office for the Protection of the Constitution and the National Intelligence Service of the Republic of Korea have identified a dangerous malware that poses a significant threat to users.

Security experts have advised individuals to remain vigilant as this vicious attack involves a fake Chrome extension that is installed through scam emails. The malware was initially reported in South Korea and has since expanded its reach to the United States and Europe.

Tip: check out our Chrome extension recommendations for 2022.

Upon installation, the malicious software begins to hijack user accounts, granting cybercriminals access to private and confidential messages, thereby compromising the user's online security and privacy.

The group responsible for this attack, known as Kimsuky, has reportedly targeted high-profile individuals such as diplomats, journalists, and politicians. However, the malware remains a significant threat to all users, as anyone can unwittingly download the AF extension and fall victim to this malicious attack.

What to do against this cyber attack?

It is, therefore, advisable for individuals to exercise caution and remain vigilant of any messages that prompt the downloading of files to Chrome. This incident serves as a timely reminder to always conduct thorough research before installing any new extensions on personal computers.

It is recommended to utilize official stores and carefully review user feedback before downloading any new extensions to minimize the risk of falling prey to malicious software.

Becoming a victim of this attack can have severe consequences, including the compromise of Android smartphones. Kimsuky's criminal operation employs the bug to not only hack Gmail accounts but also attack Android smartphones.

After compromising the Gmail service, the hackers can exploit Google's web-to-phone synchronization feature to install apps directly onto the phone without the user's consent. This represents a significant threat to user privacy and security and emphasizes the importance of taking precautions to protect personal data and devices.

These installed applications contain the FastViewer malware, which can perform a range of malicious actions, such as dropping files onto phones, stealing data, and more. In addition, this malware provides cybercriminals the capability to intercept phone calls, monitor keystrokes, and access the user's front-facing camera, thereby compromising user privacy and security.

While the FastViewer malware attack is not yet widespread, it remains a cause for concern. Thus, it is crucial to take all necessary measures to safeguard devices and ensure they are free from viruses to prevent potential harm to personal data and security.


Previous Post: «
Next Post: «


  1. JAMES GIBBONS said on April 5, 2023 at 1:36 am

    THERE IS A LOT OF INFO.ABOUT WHAT “AF” DOES….HOW DOES ONE GET TO REMOVE FROM MY MAC O/S that would be beneficial for non tech people like me….is there a way…please tell

  2. Andy Prough said on March 28, 2023 at 3:18 am

    >”initiates the process of stealing personal data from Gmail inboxes. The severity of this attack stems from the potential for hackers to intercept and read confidential emails, posing a significant risk to user privacy and security.”

    Is this article about a malicious chrome extension, or is it about the way that chrome/chromium treat their users every day?

    “Don’t allow a hacker group to steal and sell your gmail data. Only Google should be allowed to steal and sell your gmail data.”

    1. John G. said on March 28, 2023 at 12:20 pm

      @Andy +1, nice thought indeed. I wonder how many extensions are so dangerous.

    1. John G. said on March 27, 2023 at 10:15 pm

      It’s not too easy to write in english. :S

    2. basingstoke said on March 27, 2023 at 6:30 pm

      What is the deal with this? I saw something earlier where someone said “why use ‘utilise’ when we have the shorter ‘use”, and then about 10 billion people piled on about the differences in “use” and “utilise” .

      Personally I do care for grammar, quite a lot actually – it’s still really funny to see other peoples’ annoyance at the “misuse” of these words. Guess I am gonna start looking out for it now as well when I read things, lol.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.