Google has just released a new version of the Chrome web browser for Windows, Mac and Linux that contains a single bugfix, for a zero-day vulnerability that was exploited in the wild.

According to security researchers, the attackers mainly exploited a zero-day vulnerability in Chrome. Google did not say whether CVE-2021-21148 was the vulnerability used in the attacks, but many experts believe that it was.

Google's security team published a report on attacks by North Korean threat actors against the information security industry. Some of these attacks lured security researchers to a particular blog, where malware was launched on their systems through a zero-day browser vulnerability.

Most of the time, PoC code helps to extract the bug from the attack code so that security researchers can examine the root cause of the vulnerability.

After a thorough investigation, the experts confirmed that the bug used by the attacker was a double-free bug that occurred in the code that releases the attribute values of DOM objects.

The API involved in this vulnerability is used to set string attribute data attached to a DOM object; internally, the API manages the memory to be released through the function APP_DATA::FreeCachedMem.

Apart from this, all the essential functions of the malicious code were categorized during analysis, and they are listed below:

Arbitrary Function Call
Direct System Call
Disable User Mode Hook
In-Process DLL Hiding

For the arbitrary function call, the threat actors run a utility function that examines the internal state of the technique and then call the required APIs arbitrarily.

If Control Flow Guard is enabled, this attack code bypasses that protection: the threat actors abuse the RPC mechanism provided by the Windows operating system to call arbitrary APIs.

The shellcode simply sends a list of the processes running on the infected system, through which it collects the information it needs about the target, and then downloads further malicious code, in encrypted form, from the C2 server and executes it in memory.

To prevent further exploitation of this vulnerability by other attackers, Chrome users are advised to update their browser to the latest version.