Lazarus Group exploited Chrome vulnerability with fake NFT game

As a seasoned crypto investor who has seen the digital jungle evolve over the past decade, I can’t help but feel a mix of caution and amusement when reading about these latest exploits by North Korean hacker groups. The Lazarus Group, in particular, seems to have taken a liking to our beloved world of blockchain and cryptocurrencies, much like a bear to honey pots.


The Lazarus Group lured people into playing a fake crypto game whose website exploited a hidden flaw in Google Chrome. The flaw let them install spyware on victims’ computers to steal their digital wallet information. Kaspersky discovered the exploit in May and reported it to Google, which then fixed the issue.

Play at a big risk

The hackers’ play-to-earn multiplayer online battle arena game was fully playable and had been promoted on LinkedIn and X. The game was called DeTankZone or DeTankWar and used non-fungible tokens (NFTs) as tanks in a worldwide competition.

Simply visiting the website was enough to infect users; they did not need to download the game themselves. The hackers designed the game to resemble DeFiTankLand in structure.

The hackers deployed malware known as Manuscrypt, delivered through a previously unknown “type confusion” flaw in Chrome’s V8 JavaScript engine. It was the seventh zero-day vulnerability discovered in Google Chrome between the start of 2024 and mid-May of that year.

Kaspersky principal security expert Boris Larin said:

“The significant effort invested in this campaign suggests they had ambitious plans, and the actual impact could be much broader, potentially affecting users and businesses worldwide.”

As a researcher, I chanced upon a suspicious game that caught Microsoft Security’s attention in February. Before our cybersecurity counterparts at Kaspersky could delve into its workings, the hackers had already taken away the exploit from their website. Nonetheless, we alerted Google about this potential threat and they swiftly patched up the vulnerability within Chrome, thus preventing the hackers from reusing it.

North Korea loves crypto

Zero-day flaws catch the vendor off guard with no immediate fix available; it took Google 12 days to address this particular vulnerability.

Earlier this year, I discovered that yet another North Korean hacking group exploited an unforeseen weakness (zero-day vulnerability) in Google Chrome, specifically aiming for crypto investors like myself.

The Lazarus Group has a strong interest in cryptocurrencies. As reported by crypto crime observer ZachXBT, the group is believed to have laundered more than $200 million worth of cryptocurrency from approximately 25 hacking incidents between 2020 and 2023.

The U.S. Treasury Department has said the Lazarus Group may have orchestrated the 2022 attack on Ronin Bridge, which resulted in the theft of cryptocurrency valued at more than $600 million.

According to the American cybersecurity company Recorded Future, North Korean hacker groups are estimated to have collectively stolen more than $3 billion worth of cryptocurrency between 2017 and 2023.

2024-10-24 00:49