GetBlock Magazine - What happened? Microsoft (NASDAQ:MSFT) has discovered a hacker group from the DPRK exploiting a zero-day vulnerability in the open-source Chromium web browser to gain remote code execution (RCE). According to experts, the vulnerability, identified as CVE-2024-7971, targets the cryptocurrency sector.
Press release
What else is known? CVE-2024-7971 affects Chromium versions prior to 128.0.6613.84 and is a type confusion vulnerability in V8, Chromium's JavaScript and WebAssembly engine. It was discovered on August 19, and Google (NASDAQ:GOOGL) released a fix on August 21. Chromium users should ensure they are running the latest version to protect their assets.
Earlier this year, two similar vulnerabilities, tracked as CVE-2024-4947 and CVE-2024-5274, were discovered and fixed.
The group, which Microsoft identified as Citrine Sleet, is based in North Korea, has ties to the country’s government, and targets organizations and individuals that manage cryptocurrencies. Citrine Sleet has conducted extensive social engineering research into the crypto industry and its affiliates.
Attackers create fake websites under the guise of legitimate crypto trading platforms and use them to distribute fake offers or invites to download malware. Citrine Sleet most often uses its own AppleJeus Trojan, which collects information needed to seize control of victims' crypto assets.
Earlier, cybersecurity solutions provider Check Point (NASDAQ:CHKP) discovered the freely distributed Styx Stealer malware, which steals data and cryptocurrency using a clipboard-clipping mechanism.