A hacking group linked to North Korea is exploiting a zero-day in the Chromium browser to steal cryptocurrency.
A zero-day vulnerability in Google Chrome that its developers have only recently patched is being exploited by North Korean hackers to steal cryptocurrency.
According to The Hacker News, North Korea, and in particular its hacking unit known as the Lazarus Group, has made a habit of adding zero-day vulnerabilities in the Windows ecosystem to its arsenal. The same group now appears to be exploiting a new zero-day that bypasses the browser's security restrictions and lets an attacker remotely run code inside the browser's renderer process. Code execution in the renderer alone is still confined by the browser sandbox, which is why the attackers chain the bug with a second exploit and with a social-engineering lure that tricks victims into downloading trojanized cryptocurrency wallets.
According to multiple sources, the zero-day vulnerability was exploited by North Korean hackers in the following way:
By chaining the steps above, the attackers can monitor the cryptocurrency activity of a targeted wallet owner and drain the wallet when the opportunity arises. The browser bug is also reported to have been combined with a Windows kernel vulnerability to install a rootkit called FudModule, which several security researchers consider almost a unique signature of the Lazarus Group, a North Korean state-sponsored hacking group.
FudModule exploits a vulnerability in the Windows AppLocker driver (appid.sys) to obtain kernel-level access, which it then uses to disable security tooling before moving deeper into a victim's computer or server infrastructure.
Needless to say, update all of your Chromium-based products as soon as possible. Only Chromium-based browsers are affected: every build before version 128.0.6613.84 is vulnerable, and the fix ships in 128.0.6613.84.
The Lazarus Group, widely attributed to North Korea, is reported to set up websites posing as real cryptocurrency exchanges that offer trojanized wallet downloads and then drain the cryptocurrency stored in those wallets. Keep your software, and especially your browsers, up to date; if you need a reason why, read this post again.
The Lazarus Group is believed to consist of an unknown number of individuals, to operate under the direction of the North Korean government, and to have been active since the 2010s.
All versions of Chromium-based browsers before 128.0.6613.84 are affected by this vulnerability. Upgrade your Chromium-based browsers as soon as possible.
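To make the version check concrete, here is an added example (not code from the original post or from any browser vendor) that parses a Chrome/Chromium `--version` string and compares it numerically against the fixed build 128.0.6613.84 named above. The binary names it probes are assumptions for a typical Linux install; the comparison helpers work on any version string you paste in.

```python
import re
import subprocess
from typing import Optional, Tuple

# Build in which the fix shipped, as stated in the post.
FIXED_VERSION = "128.0.6613.84"

# Chromium versions are four dot-separated integers: MAJOR.MINOR.BUILD.PATCH
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Optional[Tuple[int, int, int, int]]:
    """Extract a four-part Chromium version from text such as
    'Google Chrome 128.0.6613.84' or 'Chromium 127.0.6533.119 snap'.
    Returns None when no version is present."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    major, minor, build, patch = (int(p) for p in m.groups())
    return (major, minor, build, patch)


def is_patched(version_text: str, fixed: str = FIXED_VERSION) -> Optional[bool]:
    """True if the build carries the fix (version >= fixed), False if it is
    older, None if the version could not be parsed. Components are compared
    as integers: a plain string comparison would rank '99.0.4844.51' above
    '128.0.6613.84' because '9' > '1'."""
    installed = parse_version(version_text)
    fixed_v = parse_version(fixed)
    if installed is None or fixed_v is None:
        return None
    return installed >= fixed_v


def installed_version(binary: str) -> Optional[str]:
    """Ask a Chrome/Chromium binary for its version via '--version'.
    Returns None if the binary is absent or does not answer."""
    try:
        out = subprocess.run(
            [binary, "--version"], capture_output=True, text=True, timeout=10
        )
    except (FileNotFoundError, subprocess.TimeoutExpired):
        return None
    return out.stdout.strip() or None


if __name__ == "__main__":
    # Binary names are an assumption for common Linux packages; adjust per platform.
    for name in ("google-chrome", "google-chrome-stable", "chromium", "chromium-browser"):
        text = installed_version(name)
        if text is None:
            continue
        verdict = {
            True: "patched",
            False: "VULNERABLE - update now",
            None: "unknown version format",
        }[is_patched(text)]
        print(f"{name}: {text} -> {verdict}")
```

One caveat: vendor browsers such as Edge, Brave or Opera print their own product version numbers, so feed `is_patched` the Chromium base version shown on the browser's internal version page rather than the product version.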
If your Chromium-based browser is up to date, you do not log in to unknown websites, you do not click suspicious links, and you keep your mnemonic phrases and private keys safe, then you are most likely not at risk. Follow these practices regardless of what happens.