Microsoft has warned the code base behind Google Chrome is under attack from hackers via a so-called zero-day exploit.
Chrome users that have been “targeted and compromised” by the zero-day attack—which means Google wasn’t previously aware of the vulnerability—have been notified by Microsoft, the tech giant wrote in an urgent report, though it didn’t reveal how many of Chrome’s 3 billion users may have been affected.
It was also revealed that a North Korean hacking group called Citrine Sleet is behind the Chrome hack, with the group known to target cryptocurrency users to steal their digital assets.
Sign up now for the free CryptoCodex—A daily five-minute newsletter for traders, investors and the crypto-curious that will get you up to date and keep you ahead of the bitcoin and crypto market bull run
Google CEO Sundar Pichai was in charge of Chrome at the search giant before landing the top job.
“On August 19, 2024, Microsoft identified a North Korean threat actor exploiting a zero-day vulnerability in Chromium, now identified as CVE-2024-7971, to gain remote code execution,” Microsoft developers wrote in a blog post.
The North Korea hackers are believed to have used “the unique trojan malware it developed, AppleJeus, which collects information necessary to seize control of the targets’ cryptocurrency assets.”
Google patched the Chrome vulnerability on August 21, according to Microsoft and a Google spokesperson told TechCrunch the exploit has now been patched with users “who have not implemented these fixes yet … urged to do so as soon as possible,” by Microsoft’s team.
The hacking group Citrine Sleet “is based in North Korea and primarily targets financial institutions, particularly organizations and individuals managing cryptocurrency, for financial gain,” according to Microsoft researchers.
The group “has conducted extensive reconnaissance of the cryptocurrency industry and individuals associated with it,” often using “social engineering tactics” to trick people into downloading the malicious software and access their crypto wallets.
“The threat actor creates fake websites masquerading as legitimate cryptocurrency trading platforms and uses them to distribute fake job applications or lure targets into downloading a weaponized cryptocurrency wallet or trading application based on legitimate applications,” according to Microsoft’s report.
North Korea-linked hackers are thought to have stolen $3 billion worth of crypto between 2017 and 2023, it was reported by South Korea’s news agency Yonhap in March, citing a United Nations Security Council study that branded North Korea “the world’s most prolific cyber-thief.”
North Korea generates as much as “50% of its foreign currency income” from cyber attacks that “are used to fund its weapons programs,” the UN study found, citing information from “one member state.”