Lazarus Group Takes Advantage of Google Chrome Weakness to Hijack Devices

‘CVE-2024-6051’ vulnerability via a specially designed JavaScript code that allowed the attackers to execute malicious code inside the Google Chrome browser.

Details of the Exploit

Kaspersky’s findings suggest that the exploit is first delivered through a spear-phishing email that contains a malicious link.

The victim, when clicking the link, is redirected to a web page that hosts the exploit.

If the victim is using a vulnerable version of Google Chrome, the JavaScript code embedded in the web page triggers the ‘CVE-2024-6051’ vulnerability, and the exploit chain goes on to execute the Manuscrypt malware.

The Manuscrypt malware, sometimes referred to as ‘Lazarus’s RAT’ (Remote Access Trojan), is known for its extensive list of capabilities, including exfiltrating device data, capturing keystrokes, and remotely operating the infected device, giving the Lazarus Group full control over the victim’s system.

Prevention and Mitigation

Google has already issued a patch for this particular vulnerability in the latest Chrome update (version 95.0.4638.69).

Therefore, users and organizations are strongly urged to ensure that their browser software is updated to the latest version to avoid exploitation.

Further, it’s essential to prioritize employee awareness of the hazards of clicking on unsolicited email links, and to discourage the use of corporate devices for personal browsing, to minimize the risk of such spear-phishing attacks.
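One way to act on the update advice above is to audit an endpoint inventory against the patched version this article names. This is an added example, not code from Kaspersky, Google or the article; the CSV layout, hostnames, sample versions and function names are constructed for illustration.

```python
import csv
import io
import re

# Patched Chrome version as stated in this article.
PATCHED = "95.0.4638.69"

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = """host,chrome_version
ws-001,Google Chrome 95.0.4638.69
ws-002,95.0.4638.54
ws-003,Google Chrome 94.0.4606.81
ws-004,96.0.4664.45
ws-005,unknown
ws-006,95.0.4638.100
"""

# Chrome versions have four numeric parts: MAJOR.MINOR.BUILD.PATCH
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return the four-part version as a tuple of ints, or None."""
    m = VERSION_RE.search(text or "")
    return tuple(int(p) for p in m.groups()) if m else None


def audit(inventory_csv, patched=PATCHED):
    """Classify each host as 'patched', 'outdated' or 'unparsed'."""
    floor = parse_version(patched)
    report = {"patched": [], "outdated": [], "unparsed": []}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        version = parse_version(row.get("chrome_version"))
        if version is None:
            # Unknown versions need follow-up; never count them as safe.
            report["unparsed"].append(row["host"])
        elif version >= floor:
            # Integer tuple comparison: .100 is newer than .69, which a
            # plain string comparison would get wrong.
            report["patched"].append(row["host"])
        else:
            report["outdated"].append(row["host"])
    return report


if __name__ == "__main__":
    for status, hosts in audit(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts in the `outdated` and `unparsed` buckets are the ones to chase for an update or a manual check.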

Historical Significance

The Lazarus Group, also known as APT38, is linked to numerous high-profile cyber-attacks worldwide.

Some of their notable exploits include the infamous Sony Pictures hack in 2014 and the devastating WannaCry ransomware attack, which impacted over 300,000 computers globally in 2017.

While it is challenging to completely eliminate the threat posed by these experienced threat actors, vigilance, robust cyber hygiene, and regular patching and updates can significantly reduce the risk of successful cyber exploits.
