Reports have emerged that bad actors allegedly linked to North Korea's Lazarus Group executed a complex cyberattack that used a fake NFT-based game to exploit a zero-day vulnerability in Google Chrome.
According to the report, the vulnerability ultimately allowed attackers to access people's crypto wallets.
Exploiting Chrome's zero-day flaw
Kaspersky Labs security analysts Boris Larin and Vasily Berdnikov wrote that the perpetrators cloned a blockchain game called DeTankZone and promoted it as a multiplayer online battle arena (MOBA) with play-to-earn (P2E) elements.
According to experts, they then embedded malicious code into the game's website, detankzone(.)com, infecting devices that interacted with it, even without any downloads.
The script took advantage of a critical bug in Chrome's V8 JavaScript engine, allowing it to bypass sandbox protections and achieve remote code execution. This vulnerability allowed the alleged North Korean actors to install advanced malware called Manuscrypt, which gave them control over victims' systems.
Kaspersky reported the flaw to Google upon discovery. The tech giant addressed the issue with a security update days later. However, hackers had already exploited it, suggesting a broader impact on global users and businesses.
What Larin and his security team at Kaspersky found interesting was how the attackers adopted extensive social engineering tactics. They promoted the tainted game on X and LinkedIn by engaging well-known crypto influencers to distribute AI-generated marketing material.
The elaborate setup also included professionally created websites and premium LinkedIn accounts, which helped create an illusion of legitimacy that lured unsuspecting players into the game.
The crypto activities of the Lazarus group
Surprisingly, the NFT game was not just a shell; it was fully functional, with gameplay elements such as logos, head-up displays, and 3D models.
However, anyone who visited the P2E title's malware-ridden website had sensitive information collected, including wallet credentials, allowing Lazarus to execute large-scale cryptocurrency thefts.
The group has shown sustained interest in cryptocurrencies over the years. In April, on-chain researcher ZachXBT connected them to more than 25 cryptocurrency hacks between 2020 and 2023, which netted them more than $200 million.
Additionally, the US Treasury Department has linked Lazarus to the infamous 2022 Ronin Bridge hack, in which over $600 million in ether (ETH) and USD Coin (USDC) were allegedly stolen.
Data collected by 21Shares parent company 21.co in September 2023 revealed that the criminal group held more than $47 million in a variety of cryptocurrencies, including bitcoin (BTC), Binance Coin (BNB), Avalanche (AVAX) and Polygon (MATIC).
In total, they are said to have stolen digital assets worth more than $3 billion between 2017 and 2023.