North Korean hackers exploited a zero-day vulnerability in Google Chrome (CVE-2024-7971) to distribute the FudModule rootkit and target victims' cryptocurrency investments.
The threat group Citrine Sleet, presumed to be a sub-group of Lazarus, carried out the attacks.
The vulnerability allowed the attackers to remotely execute code in the Chromium browser and then load the FudModule rootkit into the Windows kernel.
Microsoft advises keeping systems and applications up to date and using web browsers with security features like Microsoft Defender SmartScreen.