Microsoft experts have found a vulnerability in the Chromium browser to steal cryptocurrencies

According to the company’s experts, it is being used by hackers from the DPRK

02.09.2024 - 12:51

138

2 min

What’s new? Microsoft experts have discovered a group of DPRK hackers exploiting a zero-day vulnerability in the open-source web browser Chromium to gain remote code execution (RCE) access. According to experts, the vulnerability, identified as CVE-2024-7971, targets the cryptocurrency sector.

Press release

What else is known? CVE-2024-7971 affects Chromium versions up to 128.0.6613.84 and is a Type Confusion Vulnerability in JavaScript and WebAssembly V8. It was discovered on August 19, and the Google team released a patch to fix it on August 21. To protect assets, Chromium users should make sure they are using the latest version.

Earlier this year, two similar vulnerabilities identified as CVE-2024-4947 and CVE-2024-5274 were already patched and discovered.

The group, which Microsoft identified as Citrine Sleet, is based in North Korea, is affiliated with the country’s government and targets organizations and individuals managing cryptocurrencies. Through social engineering methods, Citrine Sleet has conducted extensive reconnaissance of the crypto industry and associated individuals.

Attackers create fake websites disguised as legitimate crypto trading platforms and use them to distribute fake offers or invitations to download malware. Citrine Sleet most commonly uses its own AppleJeus trojan, which collects information needed to seize control of victims’ crypto assets.

Developers have revealed a new method for hacking hardware bitcoin wallets

With its help, an attacker can get the full seed phrase for a victim’s wallet from two of its blockchain transactions

Earlier, cybersecurity solutions provider Check Point discovered freely distributed Styx Stealer malware to steal data and cryptocurrencies using a clipping mechanism.

Author: