According to a recent report by Microsoft’s cybersecurity team, a group of North Korean hackers known as the “Citrine Sleet” have exploited a previous flaw in Google Chrome to steal cryptocurrency from people.
Microsoft first became aware of the cyberattack on Aug 19, when the hackers exploited a vulnerability in the Chromium engine, the open-source software that powers Chrome and other popular browsers like Microsoft Edge.
This type of flaw is called “Zero-day”, meaning that Google was unaware of the issue and had no time to fix it before it was exploited.
According to Microsoft researchers, Citrine Sleet which operates similarly to the popular notorious Lazarus Group, often creates fake websites that look like real crypto trading platforms to trick people They use these fake sites to get users to download harmful software known as “AppleJeus”.
This software is often disguised as job applications or cryptocurrency wallets. Once the software is installed, it gives the hackers control over the victim’s device, allowing them to steal their cryptocurrency.
Google eventually released a fix for this flaw on Aug, 21, two days after being alerted by Microsoft. However, it’s still unclear how many organizations or people were affected by the attack
Also Read: Kylian Mbappé’s X Account Hack Fuels $1 Million Crypto Scam