Microsoft experts have found a vulnerability in the Chromium browser to steal cryptocurrencies
According to the company’s experts, it is being used by hackers from the DPRK
02.09.2024 - 12:51
88
2 min
0
What’s new? Microsoft experts have discovered a group of DPRK hackers exploiting a zero-day vulnerability in the open-source web browser Chromium to gain remote code execution (RCE) access. According to experts, the vulnerability, identified as CVE-2024-7971, targets the cryptocurrency sector.
What else is known? CVE-2024-7971 affects Chromium versions up to 128.0.6613.84 and is a Type Confusion Vulnerability in JavaScript and WebAssembly V8. It was discovered on August 19, and the Google team released a patch to fix it on August 21. To protect assets, Chromium users should make sure they are using the latest version.
Earlier this year, two similar vulnerabilities identified as CVE-2024-4947 and CVE-2024-5274 were already patched and discovered.
The group, which Microsoft identified as Citrine Sleet, is based in North Korea, is affiliated with the country’s government and targets organizations and individuals managing cryptocurrencies. Through social engineering methods, Citrine Sleet has conducted extensive reconnaissance of the crypto industry and associated individuals.
Attackers create fake websites disguised as legitimate crypto trading platforms and use them to distribute fake offers or invitations to download malware. Citrine Sleet most commonly uses its own AppleJeus trojan, which collects information needed to seize control of victims’ crypto assets.
Developers have revealed a new method for hacking hardware bitcoin wallets
With its help, an attacker can get the full seed phrase for a victim’s wallet from two of its blockchain transactions
Earlier, cybersecurity solutions provider Check Point discovered freely distributed Styx Stealer malware to steal data and cryptocurrencies using a clipping mechanism.
Useful material?
Incidents
The company conducted fictitious trading for six years to inflate the trading volume of tokens of several companies, receiving payment for these services
Nov 1, 2024
Market
1,5 million addresses have already left applications
Oct 31, 2024
Business
The company began investing in bitcoin in 2020, and since then, the value of its securities has risen by 1700%
Oct 30, 2024
Mining
The Deputy Energy Minister explained that in deficit regions, it is impossible to allocate large capacities for industry enterprises until 2030
Oct 30, 2024
Market
Customers will also be able to withdraw funds to bank accounts using cards
Oct 30, 2024
Mining
Blockware noted increased investor interest in this type of asset due to inflation concerns
Oct 29, 2024