A recently discovered cyber attack by the notorious Lazarus group, including its Bluenoroff subgroup, has exposed a new vulnerability in Google Chrome.
The group used a zero-day exploit to take full control of infected systems, marking the latest in a long series of advanced campaigns by the North Korean threat actor.
The campaign was discovered when Kaspersky Total Security detected a new copy of the Manuscrypt malware on a personal computer in Russia.
Manuscrypt, a characteristic Lazarus tool, has been in use since 2013 and has appeared in more than 50 documented campaigns against governments, financial institutions, cryptocurrency platforms and others. This case stood out, however, because the group rarely targets individuals directly.
Zero-day exploit in Google Chrome enables full system control
Further research traced the infection to a misleading website, decoupling[.]com, which posed as a legitimate decentralized finance (DeFi) game platform. Visitors to the site unknowingly triggered the exploit simply by opening it in Chrome. The game, advertised as an NFT-based multiplayer online battle arena, was only a facade for malicious code that hijacked the user's system through the browser.
The exploit, which targeted a newly introduced feature in Chrome's V8 JavaScript engine, enabled the attackers to bypass the browser's security mechanisms and gain remote control of affected devices. Kaspersky researchers immediately reported the vulnerability to Google, which released a patch within two days.
Here are the most important vulnerabilities at the heart of this campaign:
- CVE-2024-4947: A flaw in Chrome's new Maglev compiler that allows attackers to overwrite critical memory structures
- V8 sandbox bypass: A second vulnerability that enabled Lazarus to bypass Chrome's memory protection and run arbitrary code
While Kaspersky adhered to responsible disclosure practices, Microsoft reportedly published a related report that missed the zero-day element of the campaign. This prompted Kaspersky to provide further details, emphasizing the severity of the vulnerability and the need for users to update their browsers immediately.
As Lazarus continues to refine its methods, combining social engineering, zero-day exploits and legitimate-looking platforms, organizations and individuals must remain vigilant.
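The practical takeaway of the article is that unpatched Chrome installs were the exposure. The following script is an added example, not code from the article, Kaspersky or Google: it checks a fleet inventory of Chrome version strings against a required minimum build and flags hosts that are below it or whose version cannot be parsed. The minimum version constant is a placeholder assumption (substitute the fixed build named in Google's advisory for CVE-2024-4947), and the inventory is constructed sample data. Versions are compared as tuples of integers rather than as strings, which avoids the common mistake of treating "99.0.0.0" as newer than "125.0.0.0".

```python
"""Fleet check: flag Chrome installs below a required (patched) version.

Added example, not from the original article. REQUIRED_MIN_VERSION is a
placeholder assumption; replace it with the fixed build from Google's
advisory for CVE-2024-4947. SAMPLE_INVENTORY is constructed sample data.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# ASSUMPTION: placeholder value. Replace with the fixed build from Google's advisory.
REQUIRED_MIN_VERSION = "125.0.0.0"

# Chrome versions look like MAJOR.MINOR.BUILD.PATCH; allow 1 to 4 components.
_VERSION_RE = re.compile(r"^\d+(\.\d+){0,3}$")


def parse_version(version: str) -> tuple[int, int, int, int]:
    """Turn 'MAJOR.MINOR.BUILD.PATCH' into a 4-tuple of ints.

    Missing trailing components count as 0, so '125' == '125.0.0.0'.
    Integer tuples compare numerically, unlike raw strings, where
    '99.0.0.0' would sort above '125.0.0.0'.
    """
    version = version.strip()
    if not _VERSION_RE.match(version):
        raise ValueError(f"not a Chrome-style version: {version!r}")
    parts = [int(p) for p in version.split(".")]
    parts += [0] * (4 - len(parts))
    return parts[0], parts[1], parts[2], parts[3]


def is_patched(installed: str, required_min: str = REQUIRED_MIN_VERSION) -> bool:
    """True if the installed version is at or above the required minimum."""
    return parse_version(installed) >= parse_version(required_min)


@dataclass(frozen=True)
class Host:
    name: str
    chrome_version: str


def find_unpatched(hosts: list[Host], required_min: str = REQUIRED_MIN_VERSION) -> list[str]:
    """Names of hosts whose Chrome is below the minimum.

    An unparseable version string is treated as unpatched: an unknown
    state should be investigated, not silently passed.
    """
    flagged: list[str] = []
    for host in hosts:
        try:
            ok = is_patched(host.chrome_version, required_min)
        except ValueError:
            ok = False
        if not ok:
            flagged.append(host.name)
    return flagged


# Constructed sample inventory (hypothetical hosts, not real data).
SAMPLE_INVENTORY = [
    Host("ws-01", "124.0.6367.208"),
    Host("ws-02", "125.0.6422.76"),
    Host("ws-03", "99.0.4844.51"),
    Host("ws-04", "unknown"),
]

if __name__ == "__main__":
    for name in find_unpatched(SAMPLE_INVENTORY):
        print(f"UPDATE REQUIRED: {name}")
```

In a real deployment the inventory would come from an endpoint management or asset system; the comparison logic stays the same, and treating unparseable entries as failures keeps hosts with broken or missing telemetry visible in the report.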