Lazarus APT exploited a Chrome zero-day using a crypto-themed game as bait, showcasing the group’s evolving financial tactics and social engineering.
On May 13, 2024, Kaspersky detected a new infection in Russia, revealing a Chrome zero-day exploit linked to the fake DeFi game site detankzone[.]com.
Lazarus APT Hackers Exploit Chrome Zero-Day
A hidden malicious script exploited two vulnerabilities in Chrome. The first allowed attackers to read and write memory within the browser process, giving them unauthorized access. The second bypassed the V8 sandbox, a security feature designed to isolate memory and prevent malicious code from running, enabling the attackers to execute their code on the victim’s system.
This attack allowed the hackers to run arbitrary code on victims’ machines. Kaspersky quickly reported the exploit to Google, and within two days, Google released a fix for the vulnerability (CVE-2024-4947) in Chrome version 125.0.6422.60.
Google also blocked access to detankzone[.]com and other malicious sites to prevent further attacks.
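The two concrete details above, the fixed Chrome build and the blocked domain, are enough for a first triage pass over DNS logs and a software inventory. The following is an added example, not code from Kaspersky or Google; the log format, client names, inventory and sample lines are constructed assumptions.

```python
FIXED = (125, 0, 6422, 60)        # Chrome build carrying the CVE-2024-4947 fix (from the article)
IOC_DOMAIN = "detankzone[.]com"   # kept defanged, as the article writes it

def refang(domain):
    return domain.replace("[.]", ".").lower()

def parse_version(text):
    """Return a 4-part Chrome version as a tuple of ints, or None if malformed."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdecimal() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def patch_status(version_text):
    version = parse_version(version_text)
    if version is None:
        return "unknown"
    # Tuple comparison is numeric per field, so 125.0.6422.9 < 125.0.6422.60.
    return "patched" if version >= FIXED else "vulnerable"

def matches_ioc(name, ioc=IOC_DOMAIN):
    """True for the domain itself or any subdomain, not for look-alike suffixes."""
    host = name.lower().rstrip(".")
    bad = refang(ioc)
    return host == bad or host.endswith("." + bad)

def triage(dns_lines, inventory):
    """Map each client that resolved the IoC to (first_seen, patch status)."""
    findings = {}
    for line in dns_lines:
        fields = line.split()
        if len(fields) != 3 or not matches_ioc(fields[2]):
            continue
        ts, client, _ = fields
        first_seen = min(ts, findings.get(client, (ts,))[0])
        findings[client] = (first_seen, patch_status(inventory.get(client, "")))
    return findings

# Constructed sample data. Assumed log format: "<UTC timestamp> <client> <queried name>"
SAMPLE_DNS = [
    "2024-05-14T11:02:17Z ws-031 detankzone.com.",
    "2024-05-13T09:14:02Z ws-014 www.detankzone.com",
    "2024-05-13T09:15:40Z ws-022 example.org",
    "2024-05-14T11:05:00Z ws-040 notdetankzone.com",
    "2024-05-16T08:00:00Z ws-052 DETANKZONE.COM",
    "2024-05-15T10:00:00Z ws-014 detankzone.com",
]
SAMPLE_INVENTORY = {"ws-014": "124.0.6367.201", "ws-031": "125.0.6422.60",
                    "ws-040": "124.0.6367.201"}
```

A "patched" result only means the build includes the CVE-2024-4947 fix; any client that resolved the domain still warrants review, and "unknown" marks clients missing from the inventory.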
Lazarus APT’s campaign wasn’t limited to technical exploits; they also used social engineering by promoting their fake game on social media and even contacting cryptocurrency influencers to expand their reach.
Lazarus’s approach highlights their focus on creating convincing narratives. They developed a fake game, using stolen source code from DeFiTankLand (DFTL), to make their campaign more credible and appealing to victims.
By combining zero-day exploits with advanced social engineering, Lazarus poses a serious threat to individuals and organizations. Their evolving tactics suggest these attacks will continue.
Staying alert is key for users. Regular software updates and caution with unsolicited links or downloads can help reduce risks.
As browser developers harden components like JIT compilers and sandboxes, it’s important for users to keep their systems updated to defend against new threats.
Since attackers are constantly refining their methods and using technologies like generative AI for social engineering, cybersecurity measures must evolve to keep up with these advanced attacks.