Connect with us

Hi, what are you looking for?

Lazarus Group
Lazarus Group

Cryptocurrency

North Korean Lazarus Group Exercises Chrome Flaw to Steal Crypto Using Fake NFT Game

Linked to North Korea, the notorious Lazarus Group created a fake NFT-based game to exploit a Google Chrome bug and steal wallet data. This advanced attack highlights the group’s ongoing efforts to target the crypto industry by means of intricate social engineering and malware tools.

Using a fake blockchain-based game to take advantage of a weakness in Google’s Chrome browser, North Korean hacker organization Lazarus has started yet another advanced cyberattack. Targeting unsuspecting users with this fake NFT game, the gang placed malware allowing wallet credential theft of bitcoins.

When Kaspersky Labs learned about the assault in May, Google was notified right away and the problem was fixed. Promoted as a multiplayer online battle arena using non-fungible tokens (NFTs), the game, DeTankZone or De Tanks, entered a global competition. Though it looked professionally, the game’s only goal was to infect consumers’ PCs via online surfing—even without downloads.

By skillfully duplicating their phony game on a current legitimate platform called DeFiTankLand, the hackers made it much more difficult for users to identify the deception. The hackers employed a malware strain called Manuscrypt after users arrived on the infected website, then followed by an unknown vulnerability in Chrome’s V8 JavaScript engine.

By mid-May, Chrome has identified seven zero-day vulnerabilities totaling 2024. The main security expert at Kaspersky, Boris Larin, pointed out that the great effort the attackers made suggested important objectives, maybe aimed at businesses and customers all around.

Originally found back in February, Microsoft Security initially identified the fake gaming site; Google was able to fix the problem before it could be widely used as the hackers removed the exploit before Kaspersky could fully study it. Especially in the field of cryptocurrency, the North Korean attackers behind this have a long track record of misusing security flaws.

Zero-day vulnerabilities especially affect software providers as they often surprise them and lack a current fix accessible at the attack time. In this case, it took 12 days to patch the Chrome flaw once Kaspersky notified Google.

Focusing on the crypto market, Lazarus Group is becoming well-known. Having 25 different breaches, the group lusted over $200 million in cryptocurrency between 2020 and 2023. One of their most well-known strikes was when they were accused of organizing the over $600 million theft from the Ronin Bridge in 2022.

Reports state that since 2017, North Korean cyber groups have pilfers of over $3 billion in cryptocurrencies mostly for funding their missile development. This most recent project is a shining example of the group’s unrelenting pursuit of bitcoin targets and their ongoing attack strategy inventiveness to keep ahead of defensive systems.

Advertisement

You May Also Like

Cryptocurrency

Wyoming Senator Cynthia Lummis wants the U.S. Treasury to take a risky step by turning the government gold reserves into Bitcoin to create a...

Cryptocurrency

Tether just created $1 billion in USDT on the Tron blockchain with no transaction fees. This shows how important Tron is becoming in the...

Cryptocurrency

President-elect Donald Trump will meet with Brian Armstrong, CEO of Coinbase, to discuss personnel selections, including key positions that could influence bitcoin legislation. The...

Finance

Goldman Sachs is separating its blockchain platform to create an industry-owned solution. The program intends to increase blockchain usage in capital markets, provide innovative...

polkadot
Polkadot (DOT) $ 9.51 34.42%
bitcoin
Bitcoin (BTC) $ 98,268.33 0.24%
ethereum
Ethereum (ETH) $ 3,426.71 2.83%
cardano
Cardano (ADA) $ 1.07 3.41%
xrp
XRP (XRP) $ 1.47 6.27%
stellar
Stellar (XLM) $ 0.506968 17.19%
litecoin
Litecoin (LTC) $ 100.89 3.54%