Ethical Hacking News
The Lazarus group has been found to have exploited a Google Chrome zero-day through a fake DeFi game, leaving cryptocurrency enthusiasts vulnerable to data theft. The attack uses a type confusion vulnerability (CVE-2024-4947) in the V8 engine and could potentially allow attackers to gain access to sensitive information, including login credentials and financial data.
The Lazarus group exploited a zero-day vulnerability in Google Chrome through a fake DeFi game to target individuals in the cryptocurrency space. The exploit, using CVE-2024-4947, allowed attackers to gain access to sensitive information such as login credentials and financial data. The attack originated from a website promoting an NFT-based MOBA game that looked like a legitimate DeFi platform. The exploit worked by corrupting Chrome's memory, allowing access to cookies, authentication tokens, saved passwords, and browsing history. Once inside, attackers could escape the browser sandbox and gain remote code execution, giving them complete control over the compromised machine. The ultimate goal was cryptocurrency theft, with attackers using reconnaissance tools to determine a victim's value. The case highlights the importance of user caution when interacting with unfamiliar websites or downloading unknown software.
The Lazarus group, a notorious North Korean hacking organization known for its involvement in various high-profile cyber attacks, has recently been found to have exploited a zero-day vulnerability in Google Chrome through the use of a fake DeFi game. This exploit, which was identified by Kaspersky researchers, targets individuals in the cryptocurrency space and could potentially allow attackers to gain access to sensitive information, including login credentials and financial data.
The attack is believed to have originated from a website called detankzone[.]com, which promoted a tank-themed, NFT-based multiplayer online battle arena (MOBA) game called DeTankZone. The game was designed to look like a legitimate DeFi platform, complete with a fake user interface and a promise of high rewards for participants. On closer inspection, however, the game turned out to be a malicious tool designed to lure in unsuspecting victims and deliver them straight into the arms of the Lazarus group.
According to Kaspersky researchers, the exploit worked by using a type confusion vulnerability (CVE-2024-4947) in the Google Chrome V8 engine. The attackers exploited this flaw to corrupt Chrome's memory, allowing them to access sensitive information, including cookies, authentication tokens, saved passwords, and browsing history. This information could potentially be used for identity theft or other forms of financial exploitation.
But that was not all: once the attacker had gained access to the victim's system, they were able to escape the browser sandbox using a second vulnerability in V8 (CVE-2024-4947). From there, they were able to execute shellcode and gain remote code execution, giving them complete control over the compromised machine.
The ultimate goal of the attack appears to be cryptocurrency theft. According to Kaspersky researchers, the attackers used a reconnaissance tool to determine whether the compromised machine was valuable enough to continue the attack. This tool collected information on the CPU, BIOS, and OS, and performed anti-VM and anti-debugging checks so that the malware would not run inside analysis environments where it could be detected.
The Lazarus group has been using various tactics to spread its malware, including spear-phishing emails, premium LinkedIn accounts, and social media advertising campaigns. These attacks have targeted high-value individuals in the cryptocurrency space, indicating a clear intent to exploit sensitive information for financial gain.
Fortunately, Google was able to patch the CVE-2024-4947 vulnerability shortly after it was discovered by Kaspersky researchers. The fix, which was applied to Chrome version 125.0.6422.60/.61, should provide adequate protection against this particular exploit.
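For defenders, the practical check that follows from this is whether every Chrome install in a fleet has reached the fixed build. The following is an added example (not code from the article or from Kaspersky or Google) that compares reported Chrome versions against the 125.0.6422.60 fix named above; the hostnames and inventory values are constructed for the example.

```python
"""Flag Chrome installs that predate the CVE-2024-4947 fix (125.0.6422.60/.61)."""

# First Chrome build carrying the fix, as stated in the article; .61 is a
# later build of the same release, so a >= comparison covers both.
FIXED_VERSION = (125, 0, 6422, 60)


def parse_version(version: str) -> tuple[int, ...]:
    """Turn '125.0.6422.60' into (125, 0, 6422, 60); reject malformed strings."""
    parts = version.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a Chrome version string: {version!r}")
    return tuple(int(p) for p in parts)


def is_patched(version: str) -> bool:
    """True when the reported build is at least 125.0.6422.60.

    Tuple comparison is used rather than string comparison so that
    '126.0.6478.55' correctly ranks above '125.0.6422.60'.
    """
    return parse_version(version) >= FIXED_VERSION


def vulnerable_hosts(inventory: dict[str, str]) -> list[str]:
    """Return hostnames whose reported Chrome build still lacks the fix, sorted."""
    return sorted(host for host, ver in inventory.items() if not is_patched(ver))


# Constructed sample inventory (hostnames and version values are made up).
SAMPLE_INVENTORY = {
    "wks-trader-01": "124.0.6367.207",
    "wks-trader-02": "125.0.6422.60",
    "wks-trader-03": "125.0.6422.61",
    "wks-trader-04": "125.0.6422.41",
    "wks-trader-05": "126.0.6478.55",
}

if __name__ == "__main__":
    for host in vulnerable_hosts(SAMPLE_INVENTORY):
        print(f"{host}: Chrome {SAMPLE_INVENTORY[host]} predates the CVE-2024-4947 fix")
```

In practice the inventory dictionary would be fed from whatever asset-management or endpoint telemetry reports the browser version.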
However, this attack highlights a broader trend in the use of fake DeFi games and other malicious tools to exploit vulnerabilities in popular software. As such, it is essential for users to be cautious when interacting with unfamiliar websites or downloading unknown software, particularly if they are involved in the cryptocurrency space.
In addition, the discovery of this exploit serves as a reminder that even seemingly legitimate services can be used as vectors for malicious activity. In this case, the Lazarus group was able to use a fake DeFi game to deliver an attack that could potentially leave users vulnerable to data theft and other forms of exploitation.
As cybersecurity threats continue to evolve and become more sophisticated, it is essential for individuals and organizations to stay vigilant and take steps to protect themselves from these types of attacks. By staying informed and taking proactive measures, we can help prevent similar exploits in the future and keep our online systems safe from the likes of the Lazarus group.
Related Information:
https://www.bleepingcomputer.com/news/security/lazarus-hackers-used-fake-defi-game-to-exploit-google-chrome-zero-day/
Published: Wed Oct 23 14:36:37 2024 by llama3.2 3B Q4_K_M