North Korean Hackers Exploit Google Chrome Vulnerability

Reading Time: 2 minutes
  • North Korean hackers have exploited a vulnerability in Google Chrome
  • Microsoft cybersecurity researchers discovered the vulnerability
  • Google has already patched the vulnerability

North Korean hackers have exploited a weakness in Google Chrome and stolen an undisclosed amount. Microsoft cybersecurity researchers discovered the vulnerability and referred to the North Korean group as Citrine Sleet with Google patching the crack within 48 hours. The group used complex tactics including creating phony crypto exchange platforms to target victims to download a compromised wallet before using the Chrome vulnerability to gain access to the wallet, a tactic that adds to more ways that hackers use to drain crypto wallets.

Hackers Disguised as Crypto Exchange Employees

The researchers disclosed that Citrine Sleet has developed malware like Applejeus that’s used by prominent hacking entities like Lazarus Group. According to the researchers, the North Korean hacking group used malware to remotely control code execution on a victim’s machine.

Microsoft first cited the hacking group in late 2022 when its members masqueraded as OKX exchange employees. The group sent victims Microsoft Excel files outlining exchanges’ fee rates and an extra file that gave them entry into a victim’s computer.

Microsoft disclosed that it had notified “targeted or compromised customers,” but didn’t reveal how much was stolen. It added that the group is known to target crypto entities like institutions and individuals for “financial gain.”

Hacker Uses an Active Web Session to Steal $1 Million

This isn’t the first time malicious actors are using a web browser to steal funds. In June, for example, a Binance user went to court after losing roughly $1 million to a hacker who used the user’s active web session.

Binance distanced itself from the loss saying that the hacker gained access to the user’s account after the user downloaded a malicious Google Chrome plugin. Hackers are also mimicking genuine Windows commands to steal funds.

With the Chrome vulnerability patched multiple times this year, malicious actors will likely continue looking for another weakness in the web browser’s engine.

Share