25/10/2024 Lazarus Group exploited Chrome vulnerability with fake NFT game

The North Koreans invested great effort in creating and promoting a game that apparently drained users’ wallets.

Lazarus Group exploited Chrome vulnerability with fake NFT game

The North Koreans invested great effort in creating and promoting a game that apparently drained users’ wallets.

The North Korean Lazarus Group of hackers used a fake blockchain-based game to exploit a zero-day vulnerability in Google’s Chrome browser and install spyware that stole wallet credentials. Kaspersky Labs analysts noticed the exploit in May and reported it to Google, which has fixed it.

Play at a big risk

The hacker’s play-to-earn multiplayer online battle arena game was fully playable and had been promoted on LinkedIn and X. The game was called DeTankZone or DeTankWar and used non-fungible tokens (NFTs) as tanks in a worldwide competition.

Users were infected from the website, even if they did not download the game. The hackers modeled the game on the existing DeFiTankLand.

The hackersusedmalware called Manuscrypt followed by a previously unknown “type confusion bug in the V8 JavaScript engine.” It was the seventh zero-day vulnerability found in Chrome in 2024 through mid-May.

Kaspersky principal security expert Boris Larin said:

“The significant effort invested in this campaign suggests they had ambitious plans, and the actual impact could be much broader, potentially affecting users and businesses worldwide.”

The fake game wasnoticedby Microsoft Security in February, though the hackers removed the exploit from the website before Kaspersky could analyze it. The lab informed Google of it anyway and Google fixed the vulnerability in Chrome before the hackers could use it again.

Screenshot from Lazarus Group’s fake game. Source:SecureList

North Korea loves crypto

Zero-day vulnerabilities take the vendor by surprise and there is no ready patch for them. It took Google 12 days to patch the vulnerability in question.

Another North Korean hacker group harnessed a different zero-day vulnerability in Chrome to target crypto holders earlier this year.

Source:Microsoft Threat Intelligence

Lazarus Group is fond of crypto. Between 2020 and 2023, itlaundered over $200 millionin crypto from 25 hacks, according to crypto crime watcher ZachXBT.

The United States Treasury Department also alleged Lazarus Groupto be behind the attack onRonin Bridge that netted crypto worth over $600 million in 2022.

US cybersecurity firm Recorded Future found that North Korean hackers as a wholestole over $3 billion in crypto between 2017 and 2023.

Arts

https://cointelegraph.com/news/north-korean-lazarus-group-chrome-zero-day-nft-game-hack

Interesting NFTs
Things are not always as they seem. Living in poverty is like serving a sentence in a prison with invisible bars. The keys are in plain sight, yet impossible to reach. Screen time captivates us with its addictive dopamine triggers, plucking at our attention span until we are no longer aware of the present... What if both worlds collide? Hand-rendered acrylics on bristol board scanned and converted into a digital image.
Renaissance
Dimensions: 2048 x 2732px
Her Mind Had Gone Out For A Stroll & Fallen Down The Rabbit Hole
Her Mind Had Gone Out For A Stroll & Fallen Down The Rabbit Hole' is the first programmable piece of art by Kitty Bast. The owner constructs, modifies & tattoos their very own Doll Lady... Is she falling down a rabbit hole, lost in a sea of cats or gazing into the unknown void? Do you like Pink Ladies or Lilac Ladies? Or do you pick the Wild Card? There's always a wild side to an innocent doll face. Is she obsessed with crypto ponies or crypto kitties? Or does she have an insatiable desire for Mr. Honey Badger. Come inside and have a nice cup of NFTea with the bunnies. Is your lady chained to the blockhain? Does your lady shed Bitcoin tears or ETH tears? Does your doll face don a Rotten Heart? Do you HODL to the Moon to meet the ETH Kitty? Do you have an obsession for cyborgs or Puddin'? Would you like a slice of Death by Pink? Is The Cat's Eye green or golden? Little trolls with mini daggers not included. The cheshire cat might trade you his ears for your goggles. Modifications of the Host. How long is forever? Sometimes, just one second.
The Complete MF Collection
THE COMPLETE MF COLLECTION by Beeple
The Switch
The Switch is a unique, “one of one” NFT that demonstrates the evolution of artwork in the digital realm. The Switch is developed to change form at a specific point of time in the future, known by Pak. The evolution is determined and rendered immutable by smart contracts, or self-executing code on the Ethereum blockchain.