The North Korean hacking group Lazarus exploited a zero-day vulnerability in Google’s Chrome browser and installed spyware that stole wallet credentials, using a fake blockchain-based game as the lure. In May, Kaspersky Labs analysts identified the exploit and reported it to Google, which has since resolved the issue.
North Korean Hackers Exploit Chrome Vulnerability
The multiplayer online battle arena game that the hackers were promoting on LinkedIn and X was entirely playable and play-to-earn. The game was named DeTankZone or DeTankWar, and it used non-fungible tokens (NFTs) as vehicles in a global competition.
The website infected users even if they did not download the game. The programmers based the game on the existing DeFiTankLand.
The hackers used malware known as Manuscrypt, followed by a previously unknown “type confusion bug in the V8 JavaScript engine.” It was the seventh zero-day vulnerability discovered in Chrome in 2024 through mid-May.
Boris Larin, the principal security expert at Kaspersky, stated:
“The significant effort invested in this campaign suggests they had ambitious plans, and the actual impact could be much broader, potentially affecting users and businesses worldwide.”
In February, Microsoft Security identified the fraudulent game. Kaspersky was unable to analyze the exploit because the hackers had withdrawn it from the website. Nevertheless, the lab notified Google of the vulnerability, and Google promptly resolved it in Chrome before the hackers could exploit it once more.
North Korea Loves Cryptocurrency
Zero-day vulnerabilities catch the vendor off guard, and no remedy is available to address them. Consequently, it took Google 12 days to address the vulnerability in question.
Another North Korean cyber group exploited an additional zero-day vulnerability in Chrome to target cryptocurrency holders earlier this year.
Lazarus Group has an affinity for cryptocurrency. According to ZachXBT, a crypto crime observer, it laundered more than $200 million in cryptocurrency from 25 breaches between 2020 and 2023.
The United States Treasury Department also accused Lazarus Group of being responsible for the attack on Ronin Bridge in 2022, which resulted in the theft of crypto worth over $600 million.
Between 2017 and 2023, North Korean hackers seized more than $3 billion in cryptocurrency, according to US cybersecurity firm Recorded Future.