Recently we mentioned that a new 0-day vulnerability had been discovered in Google Chrome. 0-day or zero-day vulnerabilities are “elite” vulnerabilities used by a small number of technically savvy attackers. They are usually sold on the deep web for thousands or even tens of thousands of dollars, and those who find them often keep them for their own use in pursuit of even bigger loot.
Chrome Vulnerability and Crypto
We write at every opportunity that you should stay away from websites and applications you do not trust. You should also use proven paid antivirus software to help secure your web traffic. Antivirus software does not always protect users, but it largely keeps you away from the traps that have emerged.
Just now, Microsoft reported that the vulnerability we mentioned was used by North Korean attackers to target crypto investors.
On August 19, 2024, Microsoft stated: “We have identified a North Korean threat actor who has exploited a zero-day vulnerability in Chromium, identified as CVE-2024-7971, to gain remote code execution (RCE) capabilities. We assess with high confidence that the observed exploit of CVE-2024-7971 is attributable to a North Korean threat actor targeting the cryptocurrency industry for financial gain.”
Microsoft experts found that the vulnerability was used jointly by two groups, Diamond Sleet and Citrine Sleet. So what is the attack scenario? The details of the research show it:
“The observed zero-day exploit attack by Citrine Sleet used typical stages seen in browser exploit chains. First, the targets were targeted via the Citrine Sleet-controlled voy****club[.]space attack address. While we cannot currently confirm how targets were redirected, social engineering (redirecting to a link claiming to be a trading or crypto wallet app, etc.) is a common tactic used by Citrine Sleet. Once connected to the target web address, a zero-day RCE exploit for CVE-2024-7971 was presented.
“Once the RCE exploit was able to execute code in a sandboxed Chromium renderer process, shellcode containing a Windows sandbox escape exploit and the FudModule rootkit was downloaded and then loaded into memory. The sandbox escape exploit exploited CVE-38106, a vulnerability in the Windows kernel that Microsoft patched on August 13, 2024, prior to the North Korean threat actor discovering its activity.”
Google patched this vulnerability in Chrome (August 21) and is expected to publish a detailed statement within 60 days. Always keep your browser up to date and stay skeptical. North Korean attackers are now launching far more targeted attacks, and newly discovered vulnerabilities like this one make their job easier. No comprehensive report has yet been published on the cryptocurrency investors victimized through this vulnerability. Meanwhile, those who have not yet updated their systems remain potential targets.
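Since the practical advice here is to keep the browser updated, the following is an added example (not code from the article, Google or Microsoft) of how a defender can check an installed Chrome/Chromium version against a minimum patched version. The article gives only the patch date, not a version number, so the threshold is a labelled placeholder to be filled in from Google's stable-channel release note; the sample version strings are constructed. The example also shows why versions must be compared numerically rather than as strings.

```python
import re
import shutil
import subprocess
from typing import Optional, Tuple

def parse_version(text: str) -> Optional[Tuple[int, ...]]:
    """Extract a dotted numeric version from a string such as
    'Google Chrome 128.0.6613.84' or 'Chromium 127.0.6533.119 snap'.
    Returns a tuple of ints so that comparison is numeric, not lexicographic;
    returns None when no version is present."""
    m = re.search(r"(\d+(?:\.\d+){1,3})", text)
    if not m:
        return None
    return tuple(int(p) for p in m.group(1).split("."))

def is_patched(installed: str, minimum: str) -> bool:
    """True if the installed version is at or above the minimum patched one.
    An unparsable installed or minimum version is treated as NOT verified,
    so a forgotten placeholder never reports a machine as safe."""
    inst = parse_version(installed)
    need = parse_version(minimum)
    if inst is None or need is None:
        return False
    # Pad the shorter tuple with zeros so (100, 1) compares sanely with (100, 0, 5000, 10).
    width = max(len(inst), len(need))
    inst += (0,) * (width - len(inst))
    need += (0,) * (width - len(need))
    return inst >= need

def installed_chrome_version() -> Optional[str]:
    """Best-effort query of a locally installed Chrome/Chromium binary.
    Returns None if no binary is on PATH, so the script still runs offline."""
    for name in ("google-chrome", "google-chrome-stable", "chromium", "chromium-browser"):
        path = shutil.which(name)
        if path:
            try:
                out = subprocess.run([path, "--version"], capture_output=True,
                                     text=True, timeout=10)
                return out.stdout.strip()
            except (OSError, subprocess.SubprocessError):
                return None
    return None

if __name__ == "__main__":
    # PLACEHOLDER: fill in the first fixed version from Google's release note.
    # Left as an unparsable string on purpose, so is_patched() reports False.
    MIN_PATCHED_VERSION = "<fill in from Google's release note>"

    # Constructed sample strings, not output from any real machine, compared
    # against a constructed threshold to illustrate the comparison logic.
    sample_threshold = "100.0.5000.10"
    for s in ("Google Chrome 100.0.5000.10", "Google Chrome 100.0.4999.99", "Chromium 9.0.0.0"):
        print(f"{s!r}: patched={is_patched(s, sample_threshold)}")
    # A plain string comparison gets the last case wrong ("9" sorts after "1").
    print("naive string compare says 9.0.0.0 >= 100.0.5000.10:", "9.0.0.0" >= sample_threshold)

    live = installed_chrome_version()
    if live is None:
        print("no Chrome/Chromium binary found on PATH")
    else:
        print(f"installed: {live!r}; verified patched={is_patched(live, MIN_PATCHED_VERSION)}")
```

Run it after replacing the placeholder; on Windows the binary lives outside PATH by default, so pass the version string from the browser's About page to `is_patched()` instead of relying on `installed_chrome_version()`.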
Disclaimer: The information contained in this article does not contain investment advice. Investors should be aware that cryptocurrencies carry high volatility and therefore risk, and should carry out their transactions in line with their own research.