• North Korean hackers use fake game to hack Google Chrome security

    From TechnologyDaily@1337:1/100 to All on Thursday, October 24, 2024 16:45:05
    North Korean hackers use fake game to hack Google Chrome security flaw

    Date:
    Thu, 24 Oct 2024 15:31:00 +0000

    Description:
    Zero-day flaw used to steal sensitive data from the browser, ultimately going for people's crypto.

    FULL STORY ======================================================================

    The notorious Lazarus cybercrime gang has been found targeting cryptocurrency users, using a stolen computer game to attract potential victims.

    For those unfamiliar with Lazarus, it's a North Korean state-sponsored hacking collective known for targeting cryptocurrency companies and users. It has been responsible for some of the biggest crypto heists in history, with the money allegedly going into the country's government and weapons program.

    Cybersecurity researchers from Kaspersky recently found a new campaign that uses a fake game to lure people to a website. Lazarus uses the website to exploit two vulnerabilities in the Chrome browser, and ultimately steal sensitive data from the device.

    Cookies, tokens, and more

    Kaspersky explained the crooks used a DeFi (decentralized finance) game known as DeFiTankLand, and simply rebranded it into DeTankZone. Users who visit the impersonated site and try to download the game will get a defunct product that doesn't work past the login/registration screen. However, while visiting the website, a hidden script (index.tsx) will trigger an exploit for a type confusion vulnerability tracked as CVE-2024-4947.

    This vulnerability was discovered in V8, Chrome's JavaScript engine. When exploited, it corrupts the browser's memory, and overwrites it, granting the crooks access to the address space of Chrome's process. That, in turn, allows them to grab cookies, authentication tokens, browsing history, and saved passwords.

    Since Chrome's V8 is in a sandbox, and JavaScript execution is isolated from the rest of the system, Lazarus used a different vulnerability for remote code execution, Kaspersky said.

    The researchers spotted the flaw in mid-May 2024, and Google came back with a fix two weeks later, on May 25. Cryptocurrency lovers who want to remain secure from Lazarus should bring their Chrome browsers at least to version 125.0.6422.60/.61. Lazarus has been operating this campaign since February, it was concluded.

    Via BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/north-korean-hackers-use-fake-game-to-hack-google-chrome-security-flaw


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)