Reports have emerged that bad actors allegedly linked to the North Korean Lazarus Group executed a complex cyberattack using a fake NFT-based game to exploit a zero-day vulnerability in Google Chrome.
According to the report, the vulnerability ultimately allowed attackers to access people’s crypto wallets.
Exploiting Chrome’s Zero-Day Flaw
Kaspersky Labs security analysts Boris Larin and Vasily Berdnikov wrote that the authors cloned a blockchain game called DeTankZone and presented it as a multiplayer online battle arena (MOBA) with play-to-earn (P2E) elements.
According to experts, they then embedded malicious code into the game’s website, detankzone(.)com, infecting devices that interacted with it, even without any downloads.
The script exploited a critical bug in Chrome’s V8 JavaScript engine to bypass the browser’s sandbox protections and achieve remote code execution. The suspected North Korean actors used this foothold to install advanced malware called Manuscrypt, which gave them control of victims’ systems.
Kaspersky reported the flaw to Google after discovering it. The tech giant then fixed the issue with a security upgrade a few days later. However, hackers had already taken advantage of it, suggesting a wider impact on users and businesses around the world.
What Larin and his security team at Kaspersky found interesting was how broadly the attackers applied social engineering. They promoted the malicious game on X and LinkedIn by hiring well-known crypto influencers to distribute AI-generated marketing materials.
The elaborate setup also included professionally made websites and premium LinkedIn accounts, which helped create an illusion of legitimacy that lured unsuspecting players into the game.
The crypto activities of the Lazarus group
Surprisingly, the NFT game was not just a shell; it was fully functional, with gameplay elements such as logos, heads-up displays, and 3D models.
However, anyone visiting the P2E title’s malware-infested website had their sensitive information, including their wallet credentials, scraped, allowing Lazarus to execute large-scale crypto thefts.
Over the years, the group has demonstrated a sustained interest in cryptocurrencies. In April, on-chain investigator ZachXBT connected them to over 25 crypto hacks between 2020 and 2023, which earned them over $200 million.
Additionally, the US Treasury Department linked Lazarus to the infamous Ronin Bridge hack in 2022, in which they allegedly stole over $600 million in Ether (ETH) and USD Coin (USDC).
Data collected by 21Shares’ parent company, 21.co, in September 2023 revealed that the criminal group held more than $47 million in various cryptocurrencies, including Bitcoin (BTC), Binance Coin (BNB), Avalanche (AVAX) and Polygon (MATIC).
In total, they allegedly stole digital assets worth over $3 billion between 2017 and 2023.