North Korean hackers took advantage of a zero-day vulnerability in Chrome to steal cryptocurrency

A hacker group took advantage of a zero-day vulnerability in Google Chrome to steal cryptocurrency, Microsoft said Friday. According to the company, it can be said with a high degree of certainty that this is the work of a group from North Korea, most likely Citrine Sleet, targeting the cryptocurrency sector for financial gain.

Image source: TheDigitalWay/Pixabay

We are talking about a type confusion vulnerability in the V8 JavaScript and WebAssembly engine, affecting Chromium versions up to 128.0.6613.84 and received the identifier CVE-2024-7971. Microsoft discovered evidence of hacker activity on August 19, and two days later Google released a browser update that fixed the bug. As Microsoft noted, CVE-2024-7971 is the third exploitable type confusion vulnerability to be patched in the V8 engine this year, following CVE-2024-4947 and CVE-2024-5274.

The company also said it notified “targeted and compromised customers,” providing them with critical information to protect their systems, although it did not disclose who was the victim of the hacking campaign. The hacker group, which Microsoft tracks as Citrine Sleet, is based in North Korea and primarily targets financial institutions, particularly organizations and individuals operating in the cryptocurrency market.

The group uses social engineering tactics, creating fake websites masquerading as legitimate cryptocurrency trading platforms and using them to distribute fake job advertisements or offers to download a cryptocurrency wallet or trading application based on official applications. Citrine Sleet uses its own proprietary AppleJeus Trojan program for attacks, which collects information necessary to seize control of the cryptocurrency assets of potential victims.

admin

Share
Published by
admin

Recent Posts

“What do you see: craters or bulges?” – Japanese probe Resilience photographs the south pole of the Moon

The Japanese private probe Resilience has taken a high-quality photo of the Moon's south pole…

4 hours ago

A database containing data from 184 million accounts of Apple, Google, Microsoft and other services was just lying on the Internet

Cybersecurity researcher Jeremiah Fowler discovered a publicly available database with more than 184 million logins…

4 hours ago

Doom: The Dark Ages Is Rightfully the King. Review

Played on PC In 2016, the Doom series returned to our screens, and did so…

4 hours ago

Apple’s 25% tariffs will affect Samsung smartphones, Trump explains

US President Donald Trump this week said he would impose a 25% tariff on iPhones…

4 hours ago

Thermaltake Shows Off IX700 PC Case with Immersion Cooling

Thermaltake unveiled a prototype of the IX700 system unit with an immersion cooling system at…

4 hours ago

Warhammer 40,000: Boltgun 2 Will Be Released in 2026, and You Won’t Have to Wait for a Free Printed Shooter Based on the First Part

At the Warhammer Skulls 2025 presentation, developers from the British studio Auroch Digital announced a…

1 day ago