North Korean hackers use fake game to hack Google Chrome security flaw

Hacker silhouette working on a laptop with North Korean flag in the background
(Image credit: Getty Images)

The notorious Lazarus cybercrime group has been found targeting cryptocurrency users with a “stolen” video game to draw potential victims.

For those unfamiliar with Lazarus, it’s a North Korean state-sponsored hacking collective known for targeting cryptocurrency companies and users, and has been responsible for some of the biggest crypto heists in history, with the money allegedly going into the country’s government and weapons program.

Cybersecurity researchers from Kaspersky recently found a new campaign that uses a fake game to lure people to a website. Lazarus uses the website to exploit two vulnerabilities in the Chrome browser, and ultimately steal sensitive data from the device.

Cookies, tokens, and more

Kaspersky explained the crooks used a DeFi (decentralized finance) game known as DeFiTankLand, and simply rebranded it into DeTankZone. Users who visit the impersonated site and try to download the game will get a defunct product that doesn’t work past the login/registration screen. However, while visiting the website, a hidden script (index.tsx) will trigger an exploit for a type confusion vulnerability tracked as CVE-2024-4947.

This vulnerability was discovered in V8, Chrome’s JavaScript engine. When exploited, it corrupts the browser’s memory, and overwrites it, granting the crooks access to the address space of Chrome’s process. That, in turn, allows them to grab cookies, authentication tokens, browsing history, and saved passwords.

Since Chrome’s V8 is in a sandbox, and JavaScript execution is isolated from the rest of the system, Lazarus used a different vulnerability for remote code execution, Kaspersky said.

The researchers spotted the flaw in mid-May 2024, and Google came back with a fix two weeks later, on May 25. Cryptocurrency enthusiasts who want to remain secure from Lazarus should bring their Chrome browsers at least to version 125.0.6422.60/.61. Lazarus has been operating this campaign since February, it was concluded.


Via BleepingComputer


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
