Lazarus Group Used Fake Blockchain Game to Exploit Zero-Day Vulnerability in Google Chrome

The North Korean Lazarus Group of hackers used a fake blockchain-based game to exploit a zero-day vulnerability in Google’s Chrome browser and install spyware

North Korean Lazarus Group hackers have exploited a zero-day vulnerability in Google Chrome to install spyware that steals wallet credentials, using a fake blockchain-based game to carry out the attack.

The Lazarus Group’s activities were detected by Kaspersky Labs analysts in May, who reported the exploit to Google. The vulnerability has since been fixed by Google.

Playing at a high risk

The hackers’ game, which was fully playable, was promoted on LinkedIn and X. It was called DeTankZone or DeTankWar and featured tanks represented by non-fungible tokens (NFTs) that competed in a global tournament.

Interestingly, users could get infected from the game’s website even without downloading the game itself. The hackers reportedly modeled the game on the existing DeFiTankLand.

According to the report, the hackers deployed Manuscrypt malware, followed by a previously unseen “type confusion bug in the V8 JavaScript engine.” This marked the seventh zero-day vulnerability found in Chrome in 2024 up to mid-May.

“The fake game was noticed by Microsoft Security back in February. However, by the time Kaspersky was able to look into it, the threat actor had already removed the exploit from the website,” Boris Larin, principal security expert at Kaspersky, told Securelist.

Despite this, the lab went ahead and informed Google about the exploit, and Chrome fixed the vulnerability before the hackers could reintroduce it.

Screenshot from Lazarus Group’s fake game, as shared by SecureList

Related: FBI highlights 6 Bitcoin wallets linked to North Korea, urging crypto exchanges to be vigilant

North Korea has a thing for crypto

Zero-day vulnerabilities are those that a vendor is made aware of for the first time, without any patch being ready for it. In this case, it took Google 12 days to patch the vulnerability in question.

Earlier this year, another zero-day vulnerability in Chrome was exploited by a separate North Korean hacker group to target crypto holders.

As reported by Microsoft Threat Intelligence, Lazarus Group is known to have a strong preference for cryptocurrency. According to crypto crime watcher ZachXBT, the group laundered over $200 million in crypto from 25 hacks between 2020 and 2023.

The United States Treasury Department has also accused Lazarus Group of being behind the 2022 attack on Ronin Bridge, which resulted in the theft of crypto valued at over $600 million.

Over the seven-year period from 2017 to 2023, North Korean hackers stole a total of more than $3 billion in crypto, according to cybersecurity firm Recorded Future.

Magazine: Lazarus Group’s favorite exploit revealed — An analysis of crypto hacks by the notorious group

The above is the detailed content of Lazarus Group Used Fake Blockchain Game to Exploit Zero-Day Vulnerability in Google Chrome. For more information, please follow other related articles on the PHP Chinese website!