Fake Chain Game, Real Stolen Coins! North Korean Hacker Lazarus Exploits Chrome "Zero-Day Vulnerability" to Trick Cryptocurrency Assets


The notorious North Korean hacking group Lazarus Group, known for its disruptive activities, had previously stolen nearly $23 million from the Indian exchange WazirX and has been involved in several other cases of cryptocurrency theft. This time, Lazarus targeted blockchain games. Lazarus created a fake online game, exploited a vulnerability in Google Chrome to plant spyware, and successfully stole users' cryptocurrency wallet credentials. The cybersecurity company Kaspersky discovered this issue in May this year and reported it to Google. The vulnerability has since been patched.

Hidden Risks in Fake Chain Games

Lazarus launched a fake chain game called "DeTankZone" or "DeTankWar," in which players supposedly use NFTs to compete against players worldwide in tank battles.

Source: Internet security company Kaspersky

Lazarus mimicked an existing chain game called "DeFiTankLand" to deceive many users into downloading it, then used a Google Chrome vulnerability to implant malicious software that steals users' cryptocurrency wallet credentials.

Real Chain Game: DeFiTankLand

Lazarus also heavily promoted the game through social platforms such as LinkedIn and Twitter, and even attempted to contact influential KOLs in the crypto field to endorse its malicious website. Alarmingly, even players who never downloaded the game could have their computers infected simply by visiting the website.

Source: Internet security company Kaspersky

Malicious Program Implanted through Chrome Vulnerability

Lazarus used malicious software called "Manuscrypt" and exploited a "type confusion vulnerability" in the Chrome browser's V8 JavaScript engine to attack users. This was the seventh zero-day vulnerability discovered in Chrome before May 2024.

Source: Kaspersky (the vulnerabilities it found in the JavaScript engine)

What Are Zero-Day Vulnerabilities and Zero-Day Attacks?

A zero-day vulnerability is a security flaw that software developers and cybersecurity experts have not yet discovered but that attackers are already exploiting. Because the developers have had no time (zero days) to patch the flaw, an attack that exploits it is known as a zero-day attack, and it can harm the target system, application, or device.

The following are the typical steps by which attackers use zero-day vulnerabilities to break in and steal user data:

  1. Induce installation of malicious software
  2. Perform remote attacks
  3. Take control of systems and devices
  4. Steal user data or personal information

Microsoft Detected Anomalies in February, Google Spent Over Ten Days Patching the Vulnerability

As early as February this year, Microsoft's security team noticed this fake game, but by the time Kaspersky analyzed it, the North Korean hacker group Lazarus had already removed the exploit code from the website. Kaspersky nevertheless reported the issue to Google, and Google patched it before Lazarus could exploit the vulnerability again, although it took 12 days to fix the flaw.

Source: Microsoft on X
