The notorious North Korean hacking group Lazarus is believed to have used a fake NFT-based game to exploit a zero-day vulnerability in Google Chrome. This tactic allows them to install spyware that discreetly steals users’ wallet credentials.
Disguised as a Fake NFT Game
According to a report from Kaspersky Labs on Wednesday (October 23, 2024), Kaspersky’s security systems detected a new infection on a personal computer in Russia in May 2024. This revealed the exploitation of a zero-day vulnerability in Google Chrome, a type of cyberattack that leverages security loopholes. The attack highlights the strategy of Lazarus, a group known for its sophisticated engineering capabilities.
The attack was linked to a website named DeTankZone, which posed as an authentic product page for the multiplayer NFT-based DeFi game DeFiTankLand. Beneath the seemingly legitimate game interface, malicious scripts were concealed, designed to exploit users’ browsers and seize control of their systems.
Kaspersky revealed that the exploit took advantage of two key vulnerabilities that allowed hackers to read and write memory in Chrome’s processes. The exploit also bypassed the V8 sandbox, a security feature designed to isolate memory and prevent unauthorized code execution. This allowed Lazarus to execute arbitrary code on the victim’s device.
“The attackers surpassed conventional methods by utilizing a fully operational game as a disguise to exploit Chrome’s zero-day vulnerability and compromise targeted systems. With well-known actors like Lazarus, even seemingly harmless actions—like clicking a link on social media or in an email—can result in total compromise of personal computers or even entire corporate networks,” said Boris Larin, Principal Security Expert at Kaspersky’s GReAT.
After discovering the exploitation, Kaspersky immediately reported it to Google. Within days, Google released an update to patch the CVE-2024-4947 vulnerability in the latest Chrome version. Google also blocked access to DeTankZone and other related malicious sites to protect users from further attacks.
Lazarus Group Frequently Targets Crypto Projects to Steal Assets
Lazarus is well-known in the crypto community, often being the mastermind behind attacks on crypto projects with the aim of stealing and laundering funds.
According to Recorded Future, Lazarus has stolen more than US$3 billion in crypto assets from 2017 to 2023. In 2023 alone, Lazarus was responsible for more than 17% of all stolen crypto funds. Meanwhile, ZachXBT estimates that the hacker group has successfully laundered over US$200 million worth of cryptocurrency through 25 hacks between 2020 and 2023.