North Korean hackers, known as Citrine Sleet, have exploited a critical zero-day vulnerability in the Chromium browser to strike at crypto financial institutions. The attack, identified by Microsoft on August 19, involves creating fake crypto platforms to trick users into downloading malicious software, like the AppleJeus trojan, which siphons off digital assets.

The flaw, tracked as CVE-2024-7971, allowed remote code execution within the Chromium browser’s sandbox, affecting Chromium-based browsers such as Google Chrome and Microsoft Edge. Google quickly addressed the issue with a patch on August 21.

The hackers also deployed the 'FudModule' rootkit, which another North Korean group, Diamond Sleet, has used since October 2021. This sophisticated attack comes on the heels of another North Korean scheme that stole $1.3 million from a crypto project and compromised over 25 projects.

As the crypto sector remains a prime target, Microsoft urges users to update their browsers, use advanced security features, and stay vigilant against such threats.

