Google says it stopped North Korea hacking Chrome

Google Chrome icon on Android device
(Image credit: TechRadar)

Google has confirmed it has patched a serious security vulnerability in its Chrome internet browser which allowed malicious actors to spy on people and potentially take over their devices.

In a blog post, Adam Weidemann of Google’s Threat Analysis Group said the flaw was being used in the wild as early as January 4 by two separate cybercrime entities.

These two groups are known as Operation Dream Job and Operation AppleJeus, and both have, allegedly, strong ties to the government of North Korea.

TechRadar needs you!

We're looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn't take more than 60 seconds of your time. Thank you for taking part.

>> Click here to start the survey in a new window <<

Cleaning out the clues

According to Google, the two groups were using the same vulnerability, but their approach, as well as targets, differ. The company says that while Operation Dream Job targeted individuals working at major news organizations, domain registrars, hosting providers, and software vendors, Operation AppleJeus targeted people in the cryptocurrency and fintech businesses.

Their methods were different, as well. The former assumed the identities of recruiters, sending fake inquiries for vacant job positions at Google, Oracle, or Disney, and distributing links to websites that imitated Indeed, ZipRecruiter, or DisneyCareers.

These sites were loaded with a hidden iframe which would exploit the flaw and allow for remote code execution.

The latter, on the other hand, did a similar thing by creating fake websites, but it was also compromising legitimate ones and installing the weaponized iframes on them, as well. 

The researchers are also saying that the groups were good at hiding their traces, once the job was done. If they succeed in executing remote code, they’d seek to gain further access to the target endpoint, after which they’d try to remove all traces of their existence.

"Careful to protect their exploits, the attackers deployed multiple safeguards to make it difficult for security teams to recover any of the stages," Weidemann writes.

Google says the attackers would have the iframes appear “only at specific times”, and that the victims would be getting unique links that expired once activated. Each step of the attack was encrypted with the AES algorithm, and if one of the steps failed, the entire operation would stop. 

The vulnerability was patched on February 14.

Via: The Register

TOPICS

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
Chrome icon on Android
Google Chrome extensions hack may have started much earlier than expected
chrome firefox extensions
Google Chrome extensions hit in major attack - dozens of developers affected, so be on your guard
A finger touching the google chrome icon in the Windows 10 start menu
A new Chrome browser highjacking attack could affect billions of users - here's how to fight it
Image of laptop infected with malware threat
This devious new macOS malware disguises itself as Chrome, Zoom installers
Hacker silhouette working on a laptop with North Korean flag on the background
North Korean Lazarus hackers are targeting nuclear workers
Image depicting a hand on a scanner
New Lazarus Group campaign sees North Korean hackers spreading undetectable malware through GitHub and open source packages
Latest in Security
An American flag flying outside the US Capitol building against a blue sky
The FCC is creating a security council to bolster US defenses against cyberattacks
Image depicting hands typing on a keyboard, with phishing hooks holding files, passwords and credit cards.
Microsoft warns about a new phishing campaign impersonating Booking.com
Ransomware
Microsoft uncovers sleuthy new XCSSET MacOS malware campaign
Computer Hacked, System Error, Virus, Cyber attack, Malware Concept. Danger Symbol
Meta warns of worrying security flaw hitting open source type software
Hand holding smartphone and scan fingerprint biometric identity for unlock her mobile phone
Biometrics add another layer of security to passwordless authentication
Data leak
Hacked Tata Technologies data leaked by ransomware gang
Latest in News
Google Gemini Flash 2.0 Images
I tried Gemini's new AI image generation tool - here are 5 ways to get the best art from Google's Flash 2.0
An image of the Samsung Galaxy S25 Ultra from a hands-on event
Samsung Galaxy S26 Ultra could resurrect an intriguing camera feature
Eurocom Raptor X18
At $15,000, this massive 256GB RAM laptop makes Apple's MacBook Pro look affordable, tiny and very, very slow
Cristin Milioti in Black Mirror season 7
Netflix launches trailer for Black Mirror season 7, giving us a look at its first-ever sequel episode and an unexpected returning character
A graphic of the PC Gaming Show
Get ready for a bounty of PC games on June 8, as the PC Gaming show is back
A close up of The Daily podcast from Pocket Casts&#039; web page
‘Podcasting shouldn’t be locked behind walled gardens’: Pocket Casts slams Spotify and makes its web player free to all