Lazarus Group Hackers Exploit Chrome Vulnerability in Fake NFT Game to Steal Crypto Wallet Credentials
North Korean hackers known as the Lazarus Group have used a clever tactic to steal crypto wallet credentials: exploiting a Chrome vulnerability through a fake NFT game. According to security analysts at Kaspersky Labs, the attack took advantage of a zero-day flaw in Google Chrome to gain unauthorized access to users' devices. The hackers used a clone of a blockchain game called DeTankZone, which they presented as a play-to-earn multiplayer online battle arena (MOBA) to attract unsuspecting players.
To carry out the scheme, the Lazarus Group embedded malicious code directly into the game's website, detankzone.com, so that any device whose browser loaded the site could be infected. By exploiting a vulnerability in Chrome's V8 JavaScript engine to bypass the browser's security protections, they were able to execute code remotely and deploy their Manuscrypt malware, giving them control over the victim's device. With that access, they could retrieve sensitive crypto wallet credentials without the victim downloading a file or taking any other typical action; visiting the page in an unpatched browser was enough.
Once Kaspersky Labs discovered the exploit, they promptly informed Google, which issued a security update to address the vulnerability. By that time, however, the hackers had already compromised several devices. The incident has raised concerns about the potential impact of such attacks on crypto users and businesses worldwide.
The Lazarus Group employed advanced social engineering techniques to create an illusion of authenticity around the game. They built a professional-looking website and premium LinkedIn accounts to establish credibility. They also used social platforms such as X and LinkedIn, enlisting well-known crypto influencers to promote the fake NFT game with AI-generated marketing materials. This comprehensive approach drew a wide audience and increased the effectiveness of the attack.
This is not the first time the Lazarus Group has targeted the crypto industry. Between 2020 and 2023, on-chain investigator ZachXBT linked the group to over 25 hacks, with total losses exceeding $200 million. This extensive history of cryptocurrency theft highlights their ongoing focus on the sector, with software vulnerabilities and social engineering as their preferred methods of operation.
Beyond the recent fake NFT game exploit, the Lazarus Group has carried out numerous major crypto heists. In 2022, they reportedly stole over $600 million in ether (ETH) and USD Coin (USDC) in the Ronin Bridge hack. They have also been linked to cyberattacks on financial institutions and crypto platforms worldwide, as noted by the U.S. Treasury Department.
Data from 21.co shows that, as of September 2023, the Lazarus Group still held over $47 million in various cryptocurrencies, including Bitcoin, Binance Coin, Avalanche, and Polygon. Reports estimate that between 2017 and 2023 the group accumulated more than $3 billion in digital assets, underscoring its significant impact on the cryptocurrency industry.
The success of this attack relied heavily on social engineering. Through polished promotional materials, AI-generated graphics, and convincing LinkedIn profiles, the Lazarus Group disguised its fake NFT game as a legitimate project and lured in unsuspecting crypto enthusiasts. This sophisticated approach let them bypass common cybersecurity defenses and expanded the pool of potential victims.