North Korean Hackers Use NFT Game Malware to Target Crypto


The cryptocurrency industry was alarmed when the infamous North Korean hacker organisation Lazarus Group purportedly disseminated malware masquerading as a genuine NFT-based game in a recent cyberattack. It has been revealed that this malware gained access to victims’ devices and extracted precious crypto wallet credentials by taking advantage of security flaws in Google Chrome.

Users Are Attracted to the Deceptive Play-to-Earn Game Concept

The hackers enticed their victims by promoting an apparently authentic play-to-earn (P2E) game with in-game rewards. But rather than providing amusement or revenue, this fraudulent game became a means of stealing users’ personal information and digital assets.

“DeTankZone” is a fake NFT game that contains malicious code.

According to Boris Larun and Vasily Berdnikov, cybersecurity researchers at Kaspersky Labs, the hackers built a phoney game called “DeTankZone,” adding NFT components to draw in cryptocurrency fans. A dedicated website, detankzone[.]com, was created with the malicious code already embedded in it. Users may be exposed to malware just by visiting the website; no downloads are necessary.

A JavaScript Exploit in Chrome Allows Remote Access

By exploiting a security hole in Chrome’s V8 JavaScript engine, the malicious code hosted on the DeTankZone website enabled Lazarus Group to get past Chrome’s security measures and run harmful code remotely. This allowed the hackers to install Manuscrypt malware on victims’ devices, giving them complete access to and control over the compromised systems.

Google Fixes the Problem, But Many Users Are Still in Danger

Google quickly released a security fix after being alerted by Kaspersky about its discoveries. However, the malware had already been extensively disseminated by the Lazarus Group, putting countless victims at risk of asset loss and data theft.

Social Engineering Strategies to Increase Credibility

Lazarus Group used social engineering strategies to promote DeTankZone on social media sites like X (formerly Twitter) and LinkedIn in order to increase the game’s legitimacy. They created expert LinkedIn profiles and recruited cryptocurrency influencers to give the game a phoney sense of authenticity.

An Engaging Game Interface Attracts Users

In addition to social media promotion, Lazarus created a captivating game interface with 3D graphics, immersive logos, and an enticing gameplay style. This elaborate setup successfully drew in a large user base and increased the reach of the malware campaign.

The History of Lazarus Group’s Crypto Asset Targeting

Crypto attacks are nothing new to Lazarus Group. They carried out more than 25 cyber operations between 2020 and 2023, resulting in losses of almost $200 million. Notably, the group was implicated in the 2022 Ronin Bridge hack, which resulted in damages exceeding $600 million.

Lazarus Group’s Control Over Millions in Cryptocurrency Is Still a Threat

The Lazarus Group still possesses more than $47 million in cryptocurrency assets as of September 2023, including Bitcoin (BTC), Binance Coin (BNB), Avalanche (AVAX), and Polygon (MATIC), according to data from 21Shares. It is estimated that Lazarus Group stole more than $3 billion worth of digital assets between 2017 and 2023.
