The cybersecurity world has once again been shaken by the activities of the North Korean-backed Lazarus group. Lazarus, known for its attacks on cryptocurrencies, recently targeted vulnerabilities in Google Chrome. It was stated that the group took advantage of the popularity of DeFi games.
North Korea attacked with Google Chrome vulnerability
North Korea-backed hacker group Lazarus has launched a new social engineering attack to steal cryptocurrency and personal data. According to Kaspersky, Lazarus launched an attack that mimics a popular game called DeFiTankLand. The attackers created a fake website called DeTankZone that mimics the game.
Users visiting the DeTankZone site were targeted by two separate vulnerabilities in the Google Chrome browser. The first was a “type confusion” bug that corrupted the browser’s memory. The bug, tracked as CVE-2024-4947, allowed Lazarus to access the address field in Chrome and steal cookies, authentication credentials, browsing histories and passwords from victims’ computers.
Attackers also used a separate vulnerability in Chrome to remotely run code on devices. Google said it released fixes for the vulnerabilities in version 125.0.6422.60/.61. However, Kaspersky said Lazarus is still running its DeTankZone campaign to target cryptocurrency users.
This social engineering and technical attack shows that Lazarus continues to work to support and fundraise for the North Korean regime. This is why cryptocurrency users were advised to update Chrome.