Global cybersecurity firm Kaspersky Lab has uncovered a new wave of cyber-attacks targeting cryptocurrency investors worldwide, orchestrated by the notorious Lazarus Advanced Persistent Threat (APT) group. The campaign exploited a zero-day vulnerability in Google Chrome, allowing attackers to steal digital wallet credentials.
Kaspersky’s Global Research and Analysis Team revealed the attack methodology in a recent statement, saying, “The attackers used a fake cryptogame website that exploited a zero-day vulnerability in Google Chrome to install spyware and steal wallet credentials.”
The cybersecurity firm began detecting the malicious activity in May 2024 while reviewing incidents within its security network. The attacks were carried out using “Manuscrypt” malware, a tool the Lazarus group has employed since 2013. Kaspersky’s experts have documented over 50 unique campaigns by this group, spanning multiple industries. However, this particular campaign specifically targeted the booming cryptocurrency sector.
Lazarus, a highly skilled group known for its sophisticated operations, is infamous for exploiting vulnerabilities in digital platforms, particularly within cryptocurrency markets. The latest campaign continued that trend, taking advantage of two distinct vulnerabilities. According to Kaspersky, one of these was a previously unknown type confusion bug in V8, Google’s open-source JavaScript and WebAssembly engine. Once Kaspersky researchers flagged the vulnerability, Google swiftly patched it as CVE-2024-4947.
This security flaw allowed hackers to execute arbitrary code and bypass key security features, enabling them to carry out malicious actions undetected. Additionally, a second vulnerability was exploited to bypass Google Chrome’s V8 sandbox protection, further enhancing the attackers’ ability to penetrate systems.
Kaspersky’s report highlights the advanced techniques employed by the Lazarus group, including the use of social engineering tactics and generative AI to manipulate victims. These methods were instrumental in tricking cryptocurrency investors into visiting compromised websites, where they unknowingly exposed their sensitive data.
The discovery of this malicious campaign is a stark reminder of the escalating cyber threats within the cryptocurrency world. As digital currencies continue to grow in popularity, they have become a prime target for cybercriminals, with groups like Lazarus leading the charge in developing innovative tactics to breach security measures.
Urgent Call for Vigilance in Digital Asset Security
Kaspersky’s findings underscore the importance of robust security measures, particularly for cryptocurrency investors who are increasingly becoming the focus of cyber-attacks. With sophisticated groups like Lazarus continually seeking new vulnerabilities to exploit, experts are urging both investors and digital platforms to remain vigilant and proactive in securing their assets.
As cybercrime becomes more advanced, safeguarding digital wallets and implementing up-to-date security protocols are essential steps in protecting against these relentless attacks.