
North Korean hacking collective Lazarus Group has sought to exfiltrate cryptocurrency investors’ assets in attacks that used a phony decentralized finance game to exploit the now-addressed Google Chrome zero-day type confusion flaw, tracked as CVE-2024-4947, according to BleepingComputer.
Identification of a Manuscrypt backdoor malware compromise in May prompted the discovery of early exploitation of the Chrome vulnerability through the “detankzone[.]com” website for DeTankZone, a fake NFT-based multiplayer online battle arena game, a report from Kaspersky revealed. The game contains source code stolen from the DeFiTankLand game and was advertised by Lazarus across social media platforms, LinkedIn accounts, and spear-phishing emails. Attackers included a hidden script within the website that leveraged CVE-2024-4947 to corrupt Chrome’s memory, enabling the compromise of browser history, cookies, passwords, and authentication tokens. They then abused another Chrome V8 issue to achieve remote code execution and run shellcode, which facilitated the exfiltration of OS, BIOS, and CPU data, as well as other reconnaissance efforts, researchers said.