Bitget App
Trade smarter
Buy cryptoMarketsTradeFuturesCopyBotsEarn
North Korean Lazarus Group created NFT game to exploit Chrome users

North Korean Lazarus Group created NFT game to exploit Chrome users

CryptopolitanCryptopolitan2024/10/24 03:48
By:By Steve Katte

Share link:In this post: North Korean hackers are believed to be behind a game website that uploads malware to users’ PCs when accessed. The fake game, DeTankZone or DeTankWar, was created using stolen source code from a legitimate game. It’s estimated that North Korean hackers stole over $3 billion in crypto in the six years before 2023.

North Korea’s Lazarus Group created a blockchain game to exploit a vulnerability in Google’s Chrome browser, install spyware and steal crypto wallet credentials, along with other user data. 

In an Oct. 23 report , cybersecurity firm Kaspersky Labs analysts Vasily Berdnikovand and Boris Larin said they found the Lazarus Group exploit in May and reported it to Google, which has since fixed the issue.

According to Berdnikov and Larin, hackers in the Lazarus Group used the game to coax users to a malicious website and infect computers with its malware Manuscript, which it has been using since at least 2013.

The code allowed the hackers to corrupt Chrome’s memory, eventually giving them access to users’ cookies, authentication tokens, saved passwords, and browsing history—everything they needed to steal user funds.

North Korean Lazarus Group created NFT game to exploit Chrome users image 0 Kaspersky Labs discovered the Lazarus Group plot back in May and promptly reported it to Google. Source: Kaspersky Labs

Another issue with the Javascript security mechanism V8 sandbox allowed Lazarus to access PCs to investigate whether continuing a cyber attack was worthwhile.

“We were able to extract the first stage of the attack — an exploit that performs remote code execution in the Google Chrome process,”  Berdnikov and Larin said.

“After confirming that the exploit was based on a zero-day vulnerability targeting the latest version of Google Chrome, we reported our findings to Google the same day.”

Two days after Google became aware of the exploit, it released an updated patch to solve the issue.

See also Ubisoft’s Secret Rayman Remake in development?

Stolen source code used to create game

The game itself, DeTankZone or DeTankWar, was a fully playable play-to-earn multiplayer online battle arena game with non-fungible tokens ( NFT ) tanks. Players could battle each other in online competition.

Berdnikov and Larin said Lazarus stole the source code from another legitimate game and promoted the pirated version heavily on social media.

The fake game had a website and promotional images generated using artificial intelligence.

North Korean Lazarus Group created NFT game to exploit Chrome users image 1 The Lazarus Group stole the source code of a legitimate game to help coax users to the website with the malware. Source Kaspersky Labs

“On the surface, this website resembled a professionally designed product page for a decentralized finance (DeFi) NFT-based (non-fungible token) multiplayer online battle arena (MOBA) tank game, inviting users to download a trial version,”  Berdnikov and Larin said.

“But that was just a disguise. Under the hood, this website had a hidden script that ran in the user’s Google Chrome browser, launching a zero-day exploit and giving the attackers complete control over the victim’s PC.”

Microsoft Security also flagged the game in a May post on X, noting that the malicious game DeTankWar was delivering new custom ransomware that Microsoft dubbed FakePenny.

“Microsoft has identified a new North Korean threat actor, Moonstone Sleet (Storm-1789), that combines many tried-and-true techniques used by other North Korean threat actors with unique attack methodologies for financial and cyberespionage objectives,” Microsoft Security said.

“Moonstone Sleet is observed to set up fake companies and job opportunities to engage with potential targets, employ trojanized versions of legitimate tools, create a malicious game called DeTankWar, and deliver a new custom ransomware that Microsoft has named FakePenny.”

See also The Kenya Revenue Authority (KRA) proposes real-time crypto tax monitoring

Losses to Lazarus Group estimated to be over $3 billion

Lazarus has become arguably the most notorious crypto hacker group since coming onto the scene in 2009. United States cybersecurity firm Recorded Future estimated in 2023 that North Korean hackers stole over $3 billion in crypto in the six years leading up to 2023.

A United Nations report also found North Korean hackers stole a significant amount of crypto assets in 2022, with estimates between $630 million and more than $1 billion, after groups started targeting networks of foreign aerospace and defense companies.

Blockchain detective ZachXBT estimates Lazarus laundered over $200 million in crypto from 25 hacks between 2020 and 2023. In an Aug. 15  post on X, he also claimed to have uncovered evidence of a sophisticated network of North Korean developers earning $500,000 a month working for “established” crypto projects.

At the same time, the US Treasury Department has also accused Lazarus of being the main culprit behind the 2022 attack on Ronin Bridge, which netted the hackers over $600 million in crypto.

0

Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.

PoolX: Locked for new tokens.
APR up to 10%. Always on, always get airdrop.
Lock now!

You may also like

241122: XRP Price Surges 25% as Headwinds for Ripple Clear Even More

XRP is closely-related to Ripple Labs, a high-profile payments company targeted by the SEC since 2020 on allegations of selling the token as a security to U.S. investors. Ripple fully cleared a long-drawn court case in 2024, bringing the spotlight back on XRP, a major token that commands a $77 bill

Bitget Academy2024/11/22 05:49