Lazarus Group Launches New Chrome Zero-Day Attack

Lazarus Group shifts tactics, exploiting Chrome zero-day. Personal computer targeted in new 'Manuscrypt' campaign.

The Lazarus Group, a notorious cybercrime syndicate, has launched a new campaign exploiting a zero-day vulnerability in Google Chrome. The attack, which targeted a personal computer in Russia, marks a shift from the group's usual organisational targets.

The campaign, dubbed 'Manuscrypt' by security researchers, leveraged two key vulnerabilities: CVE-2024-4947 and a V8 sandbox bypass. The exploit took advantage of a new feature in Chrome's V8 JavaScript engine, allowing attackers to bypass security mechanisms and gain remote control over affected devices.

Google's Threat Analysis Group (TAG) reported the vulnerability and the zero-day elements of the campaign. The tech giant swiftly patched the issue within two days of being notified.

The attack vector was a deceptive website, detankzone[.]com, which delivered the exploit and infected visitors' systems with the Manuscrypt malware, a signature tool of the Lazarus Group. Unusually, the campaign targeted a personal computer rather than the group's typical organisational targets.

The Lazarus Group, known for its sophistication and persistence, continues to refine its methods. This latest campaign demonstrates the group's ability to exploit zero-day vulnerabilities and use legitimate-looking platforms to deliver malware. As the group adapts its tactics, cybersecurity experts urge users to keep their software up to date and remain vigilant against phishing attempts and suspicious websites.
