North Korea’s notorious Lazarus Group has launched a sophisticated cyber attack aimed at cryptocurrency investors. This recent campaign, uncovered by Kaspersky researchers, reveals how the hackers built a fake NFT game, “DeTankZone,” around an exploit for a serious Google Chrome vulnerability, luring unsuspecting victims into a dangerous trap.
The attack began in February 2024 and came to light when Kaspersky detected a new variant of the Manuscrypt malware on a Russian national’s computer. The group constructed a seemingly legitimate website promoting a multiplayer online battle arena game that blends elements of decentralized finance (DeFi) and NFTs.
With a downloadable trial version and impressive marketing, including polished graphics and social media promotions, the site appeared trustworthy.
However, behind this façade lay a hidden script designed to exploit a zero-day vulnerability in Chrome, identified as CVE-2024-4947 according to local reports. This flaw allowed the attackers to seize control of the victim’s computer and access sensitive data such as cookies, saved passwords, and even banking information.
Kaspersky reported that the exploit could bypass Chrome’s V8 sandbox, enabling remote code execution and potentially setting the stage for further malicious activities.
Lazarus Group employed sophisticated social engineering techniques, leveraging platforms like X and LinkedIn to reach their targets. By posing as reputable blockchain companies or game developers seeking investments, they crafted emails and messages that made their schemes even more convincing.
Interestingly, the group seems to have repurposed code from a legitimate game called DeFiTankLand, which had its own security breach earlier this year, resulting in a theft of $20,000 in cryptocurrency. This raises questions about insider threats, as it appears Lazarus might be behind both the original theft and the current deceptive campaign.