October 24, 2024 10:32 AM
The North Korean hacking group Lazarus exploited a zero-day vulnerability in Google's Chrome browser, using a fake blockchain-based game to install spyware and steal wallet credentials. Kaspersky Labs analysts discovered the exploit in May, and Google has since fixed the vulnerability.
The hackers created a play-to-earn multiplayer online battle arena game called DeTankZone or DeTankWar, which was fully playable and promoted on platforms like LinkedIn and X. The game used non-fungible tokens (NFTs) as tanks in a global competition. Its website infected visitors even if they did not download the game. The hackers modeled the game on DeFiTankLand and used malware called Manuscrypt alongside a previously unknown "type confusion bug in the V8 JavaScript engine."
Kaspersky's principal security expert, Boris Larin, noted the substantial effort invested in this campaign, suggesting ambitious plans with potential worldwide impact on users and businesses. Microsoft Security first noticed the fake game in February, but the hackers removed the exploit from the website before Kaspersky could analyze it. Nevertheless, the lab informed Google, which patched the vulnerability in Chrome within 12 days.
Lazarus Group has a history of targeting crypto, having laundered over $200 million in crypto between 2020 and 2023 from 25 hacks. They were also implicated in the 2022 Ronin Bridge attack, which netted over $600 million in crypto. North Korean hackers as a whole have stolen over $3 billion in crypto from 2017 to 2023.