25/10/2024 Lazarus Group exploited Chrome vulnerability with fake NFT game

The North Koreans invested great effort in creating and promoting a game that apparently drained users’ wallets.

Lazarus Group exploited Chrome vulnerability with fake NFT game

The North Koreans invested great effort in creating and promoting a game that apparently drained users’ wallets.

The North Korean Lazarus Group of hackers used a fake blockchain-based game to exploit a zero-day vulnerability in Google’s Chrome browser and install spyware that stole wallet credentials. Kaspersky Labs analysts noticed the exploit in May and reported it to Google, which has fixed it.

Solana, Bitcoin, and Ethereum Lead the NFT Market to a 20% Growth
Telegram gaming sees NFT and user engagement boom in Q3 2024: report
EXCLUSIVE: Aelis to Unveil NFT Project Linked to Fall 2021 Collection

Play at a big risk

The hacker’s play-to-earn multiplayer online battle arena game was fully playable and had been promoted on LinkedIn and X. The game was called DeTankZone or DeTankWar and used non-fungible tokens (NFTs) as tanks in a worldwide competition.

Users were infected from the website, even if they did not download the game. The hackers modeled the game on the existing DeFiTankLand.

The hackersusedmalware called Manuscrypt followed by a previously unknown “type confusion bug in the V8 JavaScript engine.” It was the seventh zero-day vulnerability found in Chrome in 2024 through mid-May.

Kaspersky principal security expert Boris Larin said:

“The significant effort invested in this campaign suggests they had ambitious plans, and the actual impact could be much broader, potentially affecting users and businesses worldwide.”

The fake game wasnoticedby Microsoft Security in February, though the hackers removed the exploit from the website before Kaspersky could analyze it. The lab informed Google of it anyway and Google fixed the vulnerability in Chrome before the hackers could use it again.

Screenshot from Lazarus Group’s fake game. Source:SecureList

North Korea loves crypto

Zero-day vulnerabilities take the vendor by surprise and there is no ready patch for them. It took Google 12 days to patch the vulnerability in question.

Another North Korean hacker group harnessed a different zero-day vulnerability in Chrome to target crypto holders earlier this year.

Source:Microsoft Threat Intelligence

Lazarus Group is fond of crypto. Between 2020 and 2023, itlaundered over $200 millionin crypto from 25 hacks, according to crypto crime watcher ZachXBT.

The United States Treasury Department also alleged Lazarus Groupto be behind the attack onRonin Bridge that netted crypto worth over $600 million in 2022.

US cybersecurity firm Recorded Future found that North Korean hackers as a wholestole over $3 billion in crypto between 2017 and 2023.

Arts

https://cointelegraph.com/news/north-korean-lazarus-group-chrome-zero-day-nft-game-hack

Interesting NFTs
Magnificent Pipe Organ
This magical organ will echo throughout all of the land just by merely touching a key. Its powerful pipes will make the ground tremble with majestic sounds. And best of all, it organically combines with all decorations.
Genesis
JosĂ© Delbo sent me his striking pencil sketch and powerful inked work, which I then interpreted in oil on canvas. I wanted to create a very painterly piece with obvious brush marks etc, but I was also aiming for a nostalgic feel, a kind of 1980’s superhero comic book look, the kind I grew up with. My goal with this animation was to try to recreate, in part, the creative process that both artists went through with the visual information I had. I was able to showcase my painting process more accurately as I could take photographs of my progress throughout. Consecutive images could then be layered like brush strokes over José’s drawing to create the impression that this was one continuous artwork from pencil, to ink, to completed painting. The representation of the line sketch at the beginning, then pencil/ink and lastly the paint layers being applied demonstrate both artists’ struggle for the right lines, tone, form, and colour until the work is finally completed. As the oil was still wet with each photograph the glare of my studio lights can be seen in the brush strokes. Eventually, the figure emerges and as it does, our hero comes to life, looking directly at the viewer -- but is he grimacing in approval or disgust? We will never know for sure as just before he can say anything, white paint is brushed across the canvas entirely and the process begins again. Only the bat is quick enough to escape.
YouTube Lab
YouTube logo factory. 10-second loop, 30 fps. Created using Cinema4D, X-Particles, TurbulenceFD, Octane, and After Effects.
Mars House
Mars House is the first NFT digital house in the world. Upon purchase of Mars House NFT, 3D files will be sent to the new owner by Krista Kim Studio Inc. for file upload to the owner’s Metaverse. Technical support for Mars House integration on Metaverse is provided. (Architectural Digest, March 14, 2021) “Kim ventured into NFTs while exploring meditative design during quarantine; her hope was to use the influx of digital life as an opportunity to promote wellbeing. Comprised entirely of light, the visual effects of her crypto-home are meant to omit a zen, healing atmosphere. The artist also partnered with musician Jeff Schroeder of The Smashing Pumpkins to create a calming musical accompaniment. So what makes the file a compelling purchase? Beyond the promise of buying into the lucrative NFT market, the home and all of the furniture in it can be built in real life by glass furniture-makers in Italy, as well as through MicroLED screen technology. Kim also has a strong visions the art being projected, as well. “Everyone should install an LED wall in their house for NFT art.” says the artist. “ This is the future, and Mars House demonstrates the beauty of that possibility.” The owner is in agreement to the following terms and conditions upon purchase of Mars House (hereby referred to as Mars House NFT): The collector agrees to own one copy of Mars House NFT on a single Metaverse platform. The collector is required to register Mars House NFT ownership with Krista Kim Studio Inc. Krista Kim Studio Inc. will provide technical support to upload and integrate Mars House NFT on a Metaverse platform. If/when Mars House is resold, the collector is required to delete all Mars House NFT 3D file(s) from his/her Metaverse, and provide verification of deletion to Krista Kim Studio Inc. before new 3D files are transferred to the new owner by the artist. The new owner is required to register Mars House NFT ownership with Krista Kim Studio Inc. Krista Kim Studio will send Mars House NFT 3D files directly to the new owner and provide support for Metaverse integration. This verified ownership transfer system will be appointed to Krista Kim Studio Inc. trusteeship, after 40 years of the date of the sale. Krista Kim Studio Inc. retains ownership of Mars House NFT copyright. All rights reserved. All reproductions of Mars House (NFT) in both digital and physical formats, are restricted. Mars House NFT physical furniture pieces, made of tempered printed glass in Italy, may be commissioned by the collector as NFT physical pieces.
Bloody Monkey
Artist notes: straight up side ya head + VERY valuable RED CIRCLE!! WOW.!!