Lazarus Group Exploits Chrome Vulnerability for Remote Control
The Lazarus Group, notorious for its cyber attacks, has struck again. This time, they exploited a vulnerability in Google Chrome, gaining complete control over an infected personal computer in Russia. Google swiftly responded, releasing a patch within days.
The attack, carried out by the group's BlueNoroff subgroup, leveraged a zero-day exploit. This allowed them to bypass Chrome's security measures and gain remote control over the targeted system. The vulnerability, tracked as CVE-2024-4947, was discovered by security researcher Looben Yang, who received a $43,000 bug bounty reward from Google.
The infection began when the user visited a deceptive website, detankzone[.]com, posing as a legitimate decentralized finance (DeFi) game platform. Once there, the exploit targeted a newly introduced feature in Chrome's V8 JavaScript engine, enabling attackers to bypass the browser's security mechanisms. The Manuscrypt malware, a signature tool of the Lazarus Group, was then deployed.
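For defenders who want to check whether any host contacted the domain named above, here is an added example (not part of the original article) that searches proxy or DNS log lines for it. The log format, sample lines and function names are constructed for illustration; only the domain comes from the article.

```python
from urllib.parse import urlsplit

IOC_DOMAIN = "detankzone[.]com"  # defanged, exactly as the article prints it

# Constructed sample lines (hypothetical proxy/DNS log format, not real telemetry).
SAMPLE_LOG = [
    "2024-01-01T10:00:01Z 10.0.0.5 GET https://detankzone.com/ 200",
    "2024-01-01T10:00:02Z 10.0.0.5 DNS A api.detankzone.com.",
    "2024-01-01T10:00:03Z 10.0.0.7 GET https://notdetankzone.com/ 200",
    "2024-01-01T10:00:04Z 10.0.0.7 GET https://detankzone.com.example.net/ 200",
    "2024-01-01T10:00:05Z 10.0.0.9 GET hxxps://DeTankZone[.]com/play 200",
    "2024-01-01T10:00:06Z 10.0.0.9 GET https://search.example/?q=detankzone.com 200",
]

def refang(text):
    """Undo common defanging so logged or reported indicators compare equal."""
    return text.replace("[.]", ".").replace("hxxp", "http")

def host_of(token):
    """Return the lowercased hostname of a URL or bare host token, or ''."""
    token = refang(token.strip())
    if "://" not in token:
        token = "//" + token  # lets urlsplit treat a bare host as a netloc
    try:
        host = urlsplit(token).hostname or ""
    except ValueError:  # malformed brackets or characters in the token
        return ""
    return host.rstrip(".").lower()  # DNS logs often keep the root dot

def matches_ioc(host, ioc):
    """Match the domain itself or any subdomain, on a label boundary only."""
    ioc = refang(ioc).lower()
    return host == ioc or host.endswith("." + ioc)

def hunt(lines, ioc=IOC_DOMAIN):
    """Return (line_number, line) for each line whose host matches the IoC."""
    hits = []
    for number, line in enumerate(lines, 1):
        if any(matches_ioc(host_of(tok), ioc) for tok in line.split()):
            hits.append((number, line))
    return hits

if __name__ == "__main__":
    for number, line in hunt(SAMPLE_LOG):
        print(f"line {number}: {line}")
```

Matching on the parsed hostname rather than a substring keeps look-alike hosts and search queries that merely mention the domain out of the results.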
Organizations and individuals must remain vigilant. The Lazarus Group is known for its evolving tactics, including social engineering and zero-day exploits. This attack serves as a reminder of the importance of keeping software up to date and being cautious of suspicious websites.
The Lazarus Group's latest attack underscores the need for constant vigilance and prompt action from tech companies. Google's swift response, patching the vulnerability within two days of notification, is a testament to their commitment to user security. As threats evolve, so too must our defenses.