Hackers are exploiting a new vulnerability in Google Chrome

marry 25.10.2024, 13:30 PM

A cyberattack by the notorious Lazarus hacking group and its BlueNoroff subgroup has revealed a new vulnerability in Google Chrome.

The group used a zero-day exploit to take full control of infected systems. It is the latest in a long line of cyberattacks backed by North Korea.

The campaign came to light when Kaspersky Total Security detected a new version of the Manuscrypt malware on a computer in Russia.

Manuscrypt, a signature tool of the Lazarus group, has been in use since 2013. It has been used in more than 50 documented campaigns targeting governments, financial institutions, cryptocurrency platforms, and more. However, this case is special because the group rarely targets individuals directly.

The investigation traced the infection to a website, detankzone(.)com, which posed as a legitimate decentralized finance (DeFi) platform. Visitors unwittingly triggered the exploit simply by opening the site in Chrome. The game offered there, advertised as an NFT online battle arena, was just a facade hiding malicious code that compromised the user’s system through the browser.

The exploit, which targeted a newly introduced feature in Chrome’s V8 JavaScript engine, allowed attackers to bypass the browser’s security mechanisms and gain remote control of affected devices. Kaspersky researchers immediately reported the vulnerability to Google, which released a patch within two days.

The Chrome vulnerabilities exploited in this attack are CVE-2024-4947 and a V8 sandbox bypass, which allowed Lazarus to bypass Chrome’s memory protection features.

While Kaspersky adhered to responsible disclosure practices, Microsoft reportedly released a similar report that revealed a zero-day element of the campaign. Because of this, Kaspersky released additional details, warning of the severity of the vulnerability and the need for users to update their browsers immediately.

Source: www.informacija.rs