North Korean hackers exploited a vulnerability in Chrome to steal cryptocurrencies

By: Vlad Cherevko | 30.08.2024, 21:10

Microsoft has reported that the North Korean hacker group Citrine Sleet recently exploited a zero-day vulnerability in the Chrome browser to steal cryptocurrency.

Here's What We Know

According to Microsoft, the hackers were first spotted on 19 August, when they were exploiting a vulnerability in the core Chromium engine, which is also used in some other browsers such as Microsoft Edge. It was a zero-day vulnerability, meaning that the software developer, in this case Google, was not aware of the bug and therefore could not release a patch to fix it. According to Microsoft, Google patched the bug 2 days later, on 21 August.

The hackers created fake websites masquerading as legitimate cryptocurrency trading platforms and used them to distribute the AppleJeus malware. This software allowed the hackers to gain control of victims' cryptocurrency assets. The attack began with the victim visiting a web domain under the hackers' control, after which a rootkit was installed on the computer, giving the attackers full control of the system.

North Korean hackers have long targeted cryptocurrency to fund the country's nuclear weapons programme, and stole $3 billion worth of cryptocurrency between 2017 and 2023.

Source: Microsoft