Connect with us

Hi, what are you looking for?

Lazarus Group
Lazarus Group

Cryptocurrency

North Korean Lazarus Group Exercises Chrome Flaw to Steal Crypto Using Fake NFT Game

Linked to North Korea, the notorious Lazarus Group created a fake NFT-based game to exploit a Google Chrome bug and steal wallet data. This advanced attack highlights the group’s ongoing efforts to target the crypto industry by means of intricate social engineering and malware tools.

Using a fake blockchain-based game to take advantage of a weakness in Google’s Chrome browser, North Korean hacker organization Lazarus has started yet another advanced cyberattack. Targeting unsuspecting users with this fake NFT game, the gang placed malware allowing wallet credential theft of bitcoins.

When Kaspersky Labs learned about the assault in May, Google was notified right away and the problem was fixed. Promoted as a multiplayer online battle arena using non-fungible tokens (NFTs), the game, DeTankZone or De Tanks, entered a global competition. Though it looked professionally, the game’s only goal was to infect consumers’ PCs via online surfing—even without downloads.

By skillfully duplicating their phony game on a current legitimate platform called DeFiTankLand, the hackers made it much more difficult for users to identify the deception. The hackers employed a malware strain called Manuscrypt after users arrived on the infected website, then followed by an unknown vulnerability in Chrome’s V8 JavaScript engine.

By mid-May, Chrome has identified seven zero-day vulnerabilities totaling 2024. The main security expert at Kaspersky, Boris Larin, pointed out that the great effort the attackers made suggested important objectives, maybe aimed at businesses and customers all around.

Originally found back in February, Microsoft Security initially identified the fake gaming site; Google was able to fix the problem before it could be widely used as the hackers removed the exploit before Kaspersky could fully study it. Especially in the field of cryptocurrency, the North Korean attackers behind this have a long track record of misusing security flaws.

Zero-day vulnerabilities especially affect software providers as they often surprise them and lack a current fix accessible at the attack time. In this case, it took 12 days to patch the Chrome flaw once Kaspersky notified Google.

Focusing on the crypto market, Lazarus Group is becoming well-known. Having 25 different breaches, the group lusted over $200 million in cryptocurrency between 2020 and 2023. One of their most well-known strikes was when they were accused of organizing the over $600 million theft from the Ronin Bridge in 2022.

Reports state that since 2017, North Korean cyber groups have pilfers of over $3 billion in cryptocurrencies mostly for funding their missile development. This most recent project is a shining example of the group’s unrelenting pursuit of bitcoin targets and their ongoing attack strategy inventiveness to keep ahead of defensive systems.

author avatar
Alex
Formally freelance blogger Alex is passionate writer with interest in Finance and Business, fascinated about crypto following news and covering stories.
Advertisement

You May Also Like

Cryptocurrency

The court sentenced Craig Wright, the Australian entrepreneur who falsely claimed to be the creator of Bitcoin, to a suspended one-year prison term for...

Cryptocurrency

President Joe Biden supports a prohibition on stock trading for members of Congress, citing potential conflicts of interest. This idea seeks to ensure that...

Cryptocurrency

Despite Coinbase's decision to delist Tether's USDT in Europe owing to MiCA restrictions, major exchanges including Binance, Crypto.com, and Kraken still offer the stablecoin...

Cryptocurrency

The Nigerian Economic and Financial Crimes Commission has arrested 792 individuals involved in a large-scale crypto romance scam based in Lagos. The operation, which...

polkadot
Polkadot (DOT) $ 7.45 6.75%
bitcoin
Bitcoin (BTC) $ 96,122.75 0.83%
ethereum
Ethereum (ETH) $ 3,438.33 2.89%
cardano
Cardano (ADA) $ 0.927453 4.46%
xrp
XRP (XRP) $ 2.30 4.69%
stellar
Stellar (XLM) $ 0.383472 7.45%
litecoin
Litecoin (LTC) $ 109.17 6.88%