The North Korean hacker organization Lazarus has launched yet another advanced cyberattack, using a fake blockchain-based game to exploit a weakness in Google’s Chrome browser. Targeting unsuspecting users with this fake NFT game, the gang planted malware that enables the theft of bitcoin wallet credentials.
When Kaspersky Labs learned about the attack in May, Google was notified right away and the problem was fixed. Promoted as a multiplayer online battle arena using non-fungible tokens (NFTs), the game, DeTankZone or De Tanks, entered a global competition. Though it looked professional, the game’s only goal was to infect users’ PCs through web browsing alone, even without any downloads.
By skillfully copying an existing legitimate platform called DeFiTankLand for their phony game, the hackers made it much more difficult for users to identify the deception. After users arrived on the infected website, the hackers employed a malware strain called Manuscrypt, followed by a previously unknown vulnerability in Chrome’s V8 JavaScript engine.
By mid-May, seven zero-day vulnerabilities had been identified in Chrome in 2024. The main security expert at Kaspersky, Boris Larin, pointed out that the great effort the attackers made suggested ambitious objectives, possibly aimed at businesses and customers all around the world.
Microsoft Security first identified the fake gaming site back in February. Google was able to fix the problem before it could be widely used, as the hackers removed the exploit before Kaspersky could fully study it. The North Korean attackers behind this campaign have a long track record of exploiting security flaws, especially in the field of cryptocurrency.
Zero-day vulnerabilities hit software providers especially hard because they often catch vendors by surprise and no fix is available at the time of the attack. In this case, it took 12 days to patch the Chrome flaw once Kaspersky notified Google.
Lazarus Group is becoming well known for its focus on the crypto market. Across 25 different breaches, the group netted over $200 million in cryptocurrency between 2020 and 2023. In one of its best-known attacks, the group was accused of organizing the theft of over $600 million from the Ronin Bridge in 2022.
Reports state that since 2017, North Korean cyber groups have pilfered over $3 billion in cryptocurrencies, mostly to fund their missile development. This most recent campaign is a prime example of the group’s unrelenting pursuit of bitcoin targets and its continued inventiveness in attack strategy to stay ahead of defensive systems.