SharpTongue Deploys Clever Mail-Stealing Browser Extension “SHARPEXT”

2022-07-28 Volexity

https://www.volexity.com/blog/2022/07/28/sharptongue-deploys-clever-mail-stealing-browser-extension-sharpext/

Volexity reported that SharpTongue, a North Korea-linked actor often publicly called Kimsuky, deployed a malicious Chromium-based browser extension named SHARPEXT against targets in the United States, Europe, and South Korea working on North Korea, nuclear, weapons, and other strategic topics. SHARPEXT is installed after compromise and steals mail directly from Gmail and AOL webmail sessions rather than focusing on credential theft. The extension supports Chrome, Edge, and Naver Whale, reflecting South Korean targeting, and is loaded by attacker scripts that replace browser Preferences and Secure Preferences files with C2-provided configuration. Volexity’s findings show SharpTongue evolving from documented tooling to a stealthier mail-exfiltration capability tailored to policy and security targets of interest to North Korea.
