Lazarus Group Exploits Google Chrome Flaw in New Campaign
A recently discovered cyber-attack by the notorious Lazarus Group, including its BlueNoroff subgroup, has exposed a new vulnerability in Google Chrome.
The group used a zero-day exploit to take complete control of infected systems, marking the latest in a long series of sophisticated campaigns from the North Korean-backed threat actor.
The campaign was uncovered when Kaspersky Total Security detected a new instance of the Manuscrypt malware on a personal computer in Russia.
Manuscrypt, a signature Lazarus tool, has been in use since at least 2013, appearing in over 50 documented campaigns targeting governments, financial institutions, cryptocurrency platforms and more. However, this case stood out as the group rarely targets individuals directly.
Zero-Day Exploit in Google Chrome Enables Full System Control
Further investigation traced the infection back to a deceptive website, detankzone[.]com, which posed as a legitimate decentralized finance (DeFi) game platform. Visitors to the site unknowingly triggered the exploit simply by accessing it through Chrome. The game, advertised as an NFT-based multiplayer online battle arena, was merely a facade, hiding malicious code that hijacked the user’s system via the browser.
The exploit, which targeted a newly introduced feature in Chrome’s V8 JavaScript engine, allowed attackers to bypass the browser’s security mechanisms and gain remote control over affected devices. Kaspersky researchers promptly reported the vulnerability to Google, which released a patch within two days.
Here are the key vulnerabilities at the heart of this campaign:
-
CVE-2024-4947: A flaw in Chrome’s new Maglev compiler that allows attackers to overwrite critical memory structures
-
V8 Sandbox Bypass: A second vulnerability enabled Lazarus to bypass Chrome’s memory protection features, executing arbitrary code
Read more on browser-focused attacks: Browser Phishing Threats Grew 198% Last Year
While Kaspersky adhered to responsible disclosure practices, Microsoft reportedly published a related report that missed the zero-day element of the campaign. This triggered Kaspersky to provide further details, emphasizing the gravity of the vulnerability and the need for users to update their browsers immediately.
As Lazarus continues to refine its methods, leveraging social engineering, zero-day exploits and legitimate-looking platforms, organizations and individuals alike must remain vigilant.
Image credit: Alberto Garcia Guillen / Shutterstock.com