{"id":97400,"date":"2024-10-23T18:15:21","date_gmt":"2024-10-23T22:15:21","guid":{"rendered":"https:\/\/coinscreed.com\/staging\/?p=97400"},"modified":"2024-10-23T18:15:26","modified_gmt":"2024-10-23T22:15:26","slug":"north-korean-hackers-hack-chrome-with-fake-nft","status":"publish","type":"post","link":"https:\/\/coinscreed.com\/staging\/north-korean-hackers-hack-chrome-with-fake-nft\/","title":{"rendered":"North Korean Hackers Exploit Chrome with Fake NFT Game"},"content":{"rendered":"\n<p><a href=\"https:\/\/coinscreed.com\/staging\/north-korean-hackers-attack-crypto-market.html\" data-type=\"post\" data-id=\"92145\">North Korean hackers<\/a> exploited a zero-day vulnerability in Google's Chrome browser and installed spyware that stole wallet credentials, using a fake blockchain-based game.<\/p>\n\n\n\n<figure class=\"wp-block-image aligncenter size-large\"><img fetchpriority=\"high\" decoding=\"async\" width=\"1024\" height=\"576\" src=\"https:\/\/coinscreed.com\/staging\/wp-content\/uploads\/2022\/12\/North-Korean-hackers-use-500-phishing-domains-to-steal-NFTs-1024x576.jpg\" alt=\"North Korean Hackers Exploit Chrome with Fake NFT Game\" class=\"wp-image-42755\" srcset=\"https:\/\/coinscreed.com\/staging\/wp-content\/uploads\/2022\/12\/North-Korean-hackers-use-500-phishing-domains-to-steal-NFTs-1024x576.jpg 1024w, https:\/\/coinscreed.com\/staging\/wp-content\/uploads\/2022\/12\/North-Korean-hackers-use-500-phishing-domains-to-steal-NFTs-300x169.jpg 300w, https:\/\/coinscreed.com\/staging\/wp-content\/uploads\/2022\/12\/North-Korean-hackers-use-500-phishing-domains-to-steal-NFTs-768x432.jpg 768w, https:\/\/coinscreed.com\/staging\/wp-content\/uploads\/2022\/12\/North-Korean-hackers-use-500-phishing-domains-to-steal-NFTs-150x84.jpg 150w, https:\/\/coinscreed.com\/staging\/wp-content\/uploads\/2022\/12\/North-Korean-hackers-use-500-phishing-domains-to-steal-NFTs-750x422.jpg 750w, 
https:\/\/coinscreed.com\/staging\/wp-content\/uploads\/2022\/12\/North-Korean-hackers-use-500-phishing-domains-to-steal-NFTs-1140x641.jpg 1140w, https:\/\/coinscreed.com\/staging\/wp-content\/uploads\/2022\/12\/North-Korean-hackers-use-500-phishing-domains-to-steal-NFTs.jpg 1200w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>North Korean Hackers Exploit Chrome with Fake NFT Game<\/em><\/figcaption><\/figure>\n\n\n\n<p>The North Korean hacking group <a href=\"https:\/\/en.wikipedia.org\/wiki\/Lazarus_Group\" target=\"_blank\" rel=\"noreferrer noopener\">Lazarus Group<\/a> exploited a zero-day vulnerability in Google's Chrome browser and installed spyware that stole wallet credentials, using a fake blockchain-based game. In May, Kaspersky Labs analysts identified the exploit and reported it to Google, which has since resolved the issue.<\/p>\n\n\n\n
<h2 class=\"wp-block-heading\">North Korean Hackers Exploit Chrome Vulnerability<\/h2>\n\n\n\n<p>The multiplayer online battle arena game that the hackers promoted on LinkedIn and X was fully playable and play-to-earn. The game, named DeTankZone or DeTankWar, used <a href=\"https:\/\/coinscreed.com\/staging\/the-non-fungible-tokens-nfts.html\" data-type=\"post\" data-id=\"13343\">non-fungible tokens (NFTs)<\/a> as vehicles in a global competition.<\/p>\n\n\n\n<p>Users were infected by the website even if they did not download the game. The developers based the game on the existing DeFiTankLand.<\/p>\n\n\n\n<p>The hackers used malware known as Manuscrypt, followed by a previously unknown &#8220;type confusion bug in the V8 JavaScript engine.&#8221; It was the seventh zero-day vulnerability discovered in Chrome in 2024 through mid-May.<\/p>\n\n\n\n<p>Boris Larin, the principal security expert at Kaspersky, stated:<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u201cThe significant effort invested in this campaign suggests they had ambitious plans, and the actual impact could be much broader, potentially affecting users and businesses worldwide.\u201d<\/p>\n<\/blockquote>\n\n\n\n<p>In February, Microsoft Security identified the fraudulent game. Kaspersky was unable to analyze the exploit because the hackers had withdrawn it from the website. 
Nevertheless, the lab notified Google of the vulnerability, and Google promptly fixed it in Chrome before the hackers could exploit it again.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"https:\/\/s3.cointelegraph.com\/uploads\/2024-10\/0192bb3f-131a-792a-b1fd-63dee90f8b3b\" alt=\"Screenshot from Lazarus Group\u2019s fake game. Source: SecureList\" \/><figcaption class=\"wp-element-caption\"><em>Screenshot from Lazarus Group\u2019s fake game. Source:\u00a0<\/em><a href=\"https:\/\/securelist.com\/lazarus-apt-steals-crypto-with-a-tank-game\/114282\/\" target=\"_blank\" rel=\"noreferrer noopener\"><em>SecureList<\/em><\/a><\/figcaption><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>North Korea Loves Cryptocurrency<\/strong><\/h3>\n\n\n\n<p>Zero-day vulnerabilities catch the vendor off guard, and no fix is available when they are first exploited. 
Consequently, it took Google 12 days to fix the vulnerability in question.<\/p>\n\n\n\n<p>Earlier this year, another North Korean cyber group exploited a different zero-day vulnerability in Chrome to target cryptocurrency holders.<\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-rich is-provider-twitter wp-block-embed-twitter\"><div class=\"wp-block-embed__wrapper\">\n<div class=\"embed-twitter\"><blockquote class=\"twitter-tweet\" data-width=\"550\" data-dnt=\"true\"><p lang=\"en\" dir=\"ltr\">Moonstone Sleet is observed to set up fake companies and job opportunities to engage with potential targets, employ trojanized versions of legitimate tools, create a malicious game called DeTankWar, and deliver a new custom ransomware that Microsoft has named FakePenny.<\/p>&mdash; Microsoft Threat Intelligence (@MsftSecIntel) <a href=\"https:\/\/twitter.com\/MsftSecIntel\/status\/1795486443428630894?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener\">May 28, 2024<\/a><\/blockquote><\/div>\n<\/div><\/figure>\n\n\n\n<p>Lazarus Group has an affinity for cryptocurrency. 
According to ZachXBT, a crypto crime observer, it laundered more than $200 million in cryptocurrency from 25 breaches between 2020 and 2023.<\/p>\n\n\n\n<p>The United States Treasury Department also accused Lazarus Group of being responsible for the attack on Ronin Bridge in 2022, which resulted in the theft of crypto worth over $600 million.<\/p>\n\n\n\n<p>Between 2017 and 2023, North Korean hackers stole more than $3 billion in cryptocurrency, according to US cybersecurity firm Recorded Future.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>North Korean hackers exploited a zero-day vulnerability in Google&#8217;s Chrome browser and installed spyware that stole wallet credentials, using a fake blockchain-based game. The North Korean hacking group Lazarus Group exploited a zero-day vulnerability in Google&#8217;s Chrome browser and installed spyware that stole wallet credentials, using a fake blockchain-based game. In May, Kaspersky [&hellip;]<\/p>\n","protected":false},"author":59,"featured_media":42755,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[11476],"tags":[22483,147,4337],"class_list":["post-97400","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-hacks-and-scams","tag-chrome","tag-nft","tag-north-korea"],"jetpack_featured_media_url":"https:\/\/coinscreed.com\/staging\/wp-content\/uploads\/2022\/12\/North-Korean-hackers-use-500-phishing-domains-to-steal-NFTs.jpg","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/posts\/97400","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-jso
n\/wp\/v2\/users\/59"}],"replies":[{"embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/comments?post=97400"}],"version-history":[{"count":0,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/posts\/97400\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/media\/42755"}],"wp:attachment":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/media?parent=97400"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/categories?post=97400"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/tags?post=97400"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}