North Korean Hackers Exploit Chrome Flaw to Steal Cryptocurrency: Report

As a seasoned crypto investor with a decade of experience under my belt, I can’t help but feel a sense of unease when reading about such cyberattacks. The fact that North Korean hackers, like the Citrine Sleet, are exploiting zero-day flaws in popular browsers to steal cryptocurrency is a stark reminder of the threats lurking in the digital world.

As per the latest findings from Microsoft’s cybersecurity unit, a notorious North Korean hacking squad called “Citrine Sleet” has allegedly taken advantage of an earlier vulnerability in Google Chrome for the purpose of stealing digital currencies from individuals.

On August 19, Microsoft detected a cyberattack as hackers took advantage of a weakness in the Chromium engine, an open-source software used by Chrome, Microsoft Edge, and other well-known web browsers.

This kind of problem is known as a “Zero-day vulnerability”, which means that Google wasn’t aware of the issue and didn’t have an opportunity to address it prior to it being used by someone.

As per findings by Microsoft researchers, the malicious group known as Citrine Sleet, much like the infamous Lazarus Group, frequently sets up phony websites that mimic authentic cryptocurrency trading platforms. Their intention is to deceive users into downloading harmful software called “AppleJeus”.

As a researcher, I frequently encounter a deceptive type of software that masquerades as legitimate job applications or cryptocurrency wallets. Upon installation, this malware grants unauthorized access to hackers, effectively handing over control of the victim’s device. This control enables them to pilfer the victim’s digital assets, particularly their cryptocurrencies.

Eventually, Google addressed the issue with a fix on August 21, two days following Microsoft’s notification. Yet, the extent to which this cyber-attack impacted various organizations and individuals remains uncertain.

2024-08-31 04:04

Read More