Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Chrome Attack Chain. Show all posts
Zero-day Flaw
Chrome Attack Chain Crypto Hack Cyber Attacks North Korea Hackers Zero-day Flaw

Lazarus Group Exploits Chrome Zero-Day Flaw Via Fake NFT Game

 

The notorious North Korean hacking outfit dubbed Lazarus has launched a sophisticated attack campaign targeting cryptocurrency investors. This campaign, discovered by Kaspersky researchers, consists of a multi-layered assault chain that includes social engineering, a fake game website, and a zero-day flaw in Google Chrome. 

The report claims that in May 2024, Kaspersky Total Security identified a new attack chain that used the Manuscrypt backdoor to target the personal computer of an unidentified Russian citizen. 

Kaspersky researchers Boris Larin and Vasily Berdnikov believe the campaign began in February 2024. After investigating the attack further, analysts discovered that the attackers had developed a website called "detankzonecom" that seemed to be a genuine platform for the game "DeFiTankZone." 

This game reportedly combines Decentralised Finance (DeFi) elements with Non-Fungible Tokens (NFTs) in a Multiplayer Online Battle Arena (MOBA) situation. The website even offers a downloadable trial edition, adding to the look of trustworthiness. However, beneath the surface is a malicious trap. 

“Under the hood, this website had a hidden script that ran in the user’s Google Chrome browser, launching a zero-day exploit and giving the attackers complete control over the victim’s PC,” researchers noted. 

The exploit contains code for two vulnerabilities: one that enables hackers to access the whole address space of the Chrome process using JavaScript (CVE-2024-4947), and the other that allows attackers to circumvent the V8 sandbox and access memory outside the confines of the register array. 

Google addressed CVE-2024-4947, a type confusion flaw in the V8 JavaScript and WebAssembly engine, in March 2024, although it's unknown if attackers discovered it first and weaponised it as a zero-day or exploited it as an N-day flaw.

In this campaign, Lazarus has used social media sites like LinkedIn and X (previously Twitter) to target prominent players in the cryptocurrency field. With several accounts on X, they created a social media presence and actively promoted the fake game. They also hired graphic designers and generative AI to create amazing advertising material for the DeTankZone game. The group also sent carefully designed messages to interested parties pretending to be blockchain startups or game developers looking for funding.

This campaign highlights how the Lazarus Group's strategies have changed. It is crucial to be wary of unsolicited investment opportunities, particularly when they involve dubious social media promotions or downloadable game clients. In order to mitigate the risk of zero-day attacks, it is also crucial to maintain browser software, such as Chrome, updated with the most recent security fixes.
Read more »
Windows Exploit
Chrome Attack Chain Malicious Codes Vulnerabilities and Exploit Windows Exploit

Magnitude Exploit Kit Adds Rare Chrome Attack Chain to Target Chrome Users

 

The handlers of the Magnitude exploit kit (EK) have added two new exploits in their arsenal, capable of targeting chromium-based browsers operating on Windows systems. It is a very rare sight since the very few exploit kits that are still active have mainly focused on Microsoft’s Internet Explorer over the past few years. 

Security experts with Avast uncovered a new chain of exploits for attacks on users of the Chrome browser. The two new exploits CVE-2021-21224 and CVE-2021-31956 affect the Google Chrome browser and Microsoft Windows platform, respectively.

The first exploit in the chain CVE-2021-21224, which Google patched in April 2021, is a type confusion vulnerability in the V8 rendering engine that allows remote attackers to execute arbitrary code inside a sandbox via a crafted HTML page.

The second exploit CVE-2021-31956 is a privilege escalation vulnerability in Windows that leads attackers to bypass Chrome’s sandbox and secure system privileges. The vulnerability was addressed in June 2021. The two flaws were previously chained in malicious activity that Kaspersky named PuzzleMaker, but it couldn’t be linked to any known adversary. 

“The attacks we have seen so far are targeting only Windows builds 18362, 18363, 19041, and 19042 (19H1–20H2). Build 19043 (21H1) is not targeted. The exploit for CVE-2021-31956 contains hardcoded syscall numbers relevant just for these builds. For the time being, the activity doesn’t appear to involve the use of a malicious payload, although it does lead to the victim’s Windows build number being exfiltrated,” Avast said. 

“Since Magnitude typically tests newly implemented exploits in this manner, it’s likely that malicious attacks will follow soon, likely deploying the Magniber ransomware,” Avast added. First discovered in 2017, Magniber was attributed right from the start with Magnitude, and was believed to be developed by the EK’s handlers. 

While the discovery of Avast is important because of a rare sighting of an exploit kit going after Chrome and Chromium-related browsers, other questions still remain, such as how the “half-dead” EK group got its hands on such a high-grade exploit chain and how effective is the exploit chain, to begin with. Fortunately, the Windows exploit is not universal and will only work against a small number of Windows 10 versions.
Read more »
Subscribe to: Posts (Atom)