Hackers believed to be connected to North Korea’s Lazarus Group launched a cyberattack that tricked people into revealing their crypto wallet information. They did this by creating a fake NFT game with a built-in malware program.
The Flaw and the Malware
The malware took advantage of a security hole (zero-day vulnerability) in Google Chrome’s software. This allowed the attackers to steal information from people’s crypto wallets. Kaspersky Labs discovered the flaw and reported it to Google, who fixed it shortly after.
The fake game was called DeTankZone and was promoted online as a multiplayer game with features that let players earn crypto. People who visited the game’s website became infected with the malware, even if they didn’t download anything.
Social Engineering Tactics
The hackers used clever social engineering tactics to make the game seem real. They promoted it on social media platforms like Twitter and LinkedIn, and even got help from crypto influencers to spread the word. They also created professional-looking websites and used premium LinkedIn accounts to give the game an air of legitimacy.
Lazarus Group’s History of Crypto Theft
This isn’t the first time Lazarus Group has targeted cryptocurrency. In fact, they’ve been linked to over 25 crypto hacks in the past few years, stealing more than $200 million. They are also believed to be responsible for the huge Ronin Bridge hack in 2022, where they stole over $600 million worth of crypto.
Overall Impact
The impact of this attack is still unknown, but it highlights the risks associated with playing online games, especially those that involve cryptocurrency. It’s important to be cautious of unfamiliar games and websites, even if they seem well-made and promoted by seemingly trustworthy sources.