North Korean hackers came up with a complex plan to steal cryptocurrency from unwary victims. To distribute malware that could access users’ digital wallets, they created a phoney NFT game named DeTankZone or DeTankWar. A crucial component of the hack was the exploitation of a Google Chrome security flaw that let the attackers take users’ bitcoin without their knowledge.
The Trap of the Fake Game
The infamous Lazarus Group behind the operation didn’t cut any corners. They developed an advanced, fully functional online multiplayer game in which participants competed worldwide using NFTs as tanks. At first glance, the game looked like a genuine and entertaining blockchain-based “play-to-earn” game, luring players to sign up. Promotion on a number of social media sites, such as LinkedIn and X (previously known as Twitter), added to its apparent legitimacy.
Taking Advantage of a Zero-Day Vulnerability
The real threat lay in the hackers’ ability to exploit a zero-day vulnerability in Google Chrome. A zero-day vulnerability is a software defect that the program’s creator has not yet discovered, leaving the software open to cyberattacks with no patch available. In this instance, gamers did not need to download anything to get infected; they simply had to visit the game’s website. Using the Manuscrypt malware, the hackers stole private data, including wallet passwords, from users’ smartphones.
Early Identification and Repair
The first indications of the intrusion surfaced when Microsoft Security discovered the scam in February 2024. But the hackers had already removed the exploit before cybersecurity specialists could thoroughly examine the software. Even so, after Kaspersky Labs discovered additional questionable activity in May, Google intervened and fixed the security vulnerability within 12 days, preventing further harm.
How the hackers pulled it off
The Lazarus Group created their phoney game by mimicking DeFiTankLand, a legitimate blockchain game, and fooled people into believing it was authentic. The group’s strategy went beyond targeting people who downloaded the game. They also spread the malware without requiring any download at all, infecting anyone who merely visited the game’s website.
Their success was largely attributed to exploiting a type confusion flaw in Chrome’s V8 JavaScript engine. The bug was the eighth zero-day vulnerability discovered in Chrome in 2024, showing that even digital behemoths like Google can fall victim to sophisticated hacking attempts.