Lazarus Group Used Fake Blockchain Game to Exploit Zero-Day Vulnerability in Google Chrome-web3.0-php.cn

Home

web3.0

Lazarus Group Used Fake Blockchain Game to Exploit Zero-Day Vulnerability in Google Chrome

Patricia Arquette

Oct 24, 2024 am 09:54 AM

Lazarus Group Chrome vulnerability fake NFT game

The North Korean Lazarus Group of hackers used a fake blockchain-based game to exploit a zero-day vulnerability in Google’s Chrome browser and install spyware

Lazarus Group Used Fake Blockchain Game to Exploit Zero-Day Vulnerability in Google Chrome

North Korean Lazarus Group hackers have exploited a zero-day vulnerability in Google Chrome to install spyware that steals wallet credentials, using a fake blockchain-based game to carry out the attack.

The Lazarus Group’s activities were detected by Kaspersky Labs analysts in May, who reported the exploit to Google. The vulnerability has since been fixed by Google.

Playing at a high risk

The hackers’ game, which was fully playable, was promoted on LinkedIn and X. It was called DeTankZone or DeTankWar and featured tanks represented by non-fungible tokens (NFTs) that competed in a global tournament.

Interestingly, users could get infected from the game’s website even without downloading the game itself. The hackers reportedly modeled the game on the existing DeFiTankLand.

According to the report, the hackers deployed Manuscrypt malware, followed by a previously unseen “type confusion bug in the V8 JavaScript engine.” This marked the seventh zero-day vulnerability found in Chrome in 2024 up to mid-May.

“The fake game was noticed by Microsoft Security back in February. However, by the time Kaspersky was able to look into it, the threat actor had already removed the exploit from the website,” Boris Larin, principal security expert at Kaspersky, told Securelist.

Despite this, the lab went ahead and informed Google about the exploit, and Chrome fixed the vulnerability before the hackers could reintroduce it.

Screenshot from Lazarus Group’s fake game, as shared by SecureList

Related: FBI highlights 6 Bitcoin wallets linked to North Korea, urging crypto exchanges to be vigilant

North Korea has a thing for crypto

Zero-day vulnerabilities are those that a vendor is made aware of for the first time, without any patch being ready for it. In this case, it took Google 12 days to patch the vulnerability in question.

Earlier this year, another zero-day vulnerability in Chrome was exploited by a separate North Korean hacker group to target crypto holders.

As reported by Microsoft Threat Intelligence, Lazarus Group is known to have a strong preference for cryptocurrency. According to crypto crime watcher ZachXBT, the group laundered over $200 million in crypto from 25 hacks between 2020 and 2023.

The United States Treasury Department has also accused Lazarus Group of being behind the 2022 attack on Ronin Bridge, which resulted in the theft of crypto valued at over $600 million.

Over the seven-year period from 2017 to 2023, North Korean hackers stole a total of more than $3 billion in crypto, according to cybersecurity firm Recorded Future.

Magazine: Lazarus Group’s favorite exploit revealed — An analysis of crypto hacks by the notorious group

The above is the detailed content of Lazarus Group Used Fake Blockchain Game to Exploit Zero-Day Vulnerability in Google Chrome. For more information, please follow other related articles on the PHP Chinese website!

Statement

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Pi Node Teaching: What is a Pi Node? How to install and set up Pi Node?Mar 05, 2025 pm 05:57 PM

Detailed explanation and installation guide for PiNetwork nodes This article will introduce the PiNetwork ecosystem in detail - Pi nodes, a key role in the PiNetwork ecosystem, and provide complete steps for installation and configuration. After the launch of the PiNetwork blockchain test network, Pi nodes have become an important part of many pioneers actively participating in the testing, preparing for the upcoming main network release. If you don’t know PiNetwork yet, please refer to what is Picoin? What is the price for listing? Pi usage, mining and security analysis. What is PiNetwork? The PiNetwork project started in 2019 and owns its exclusive cryptocurrency Pi Coin. The project aims to create a one that everyone can participate

Top 10 virtual digital currency app platforms in the world, the top ten virtual currency trading platforms in 2025Mar 05, 2025 pm 08:00 PM

With the booming development of the virtual currency industry, virtual digital currency trading platforms around the world are becoming increasingly stronger. This article focuses on the top ten virtual digital currency app platforms in the world in 2025, including Binance, OKX, Gate.io, Kraken, Gemini, FTX, Bybit, KuCoin, Huobi and Coinbase. These platforms are known for their advanced features, a wide range of transaction pairs, low fees and stable performance, providing users with a wide range of virtual currency trading options.

Qubetics ($TICS): The Revolutionizing AI CryptoMar 23, 2025 am 10:08 AM

Cryptocurrency has always been a realm where the cutting edge of technology meets bold ambition, and it's only getting more exciting in the future. As artificial intelligence continues to grow in influence, there are a handful of digital assets that

Understand the current situation and future of MEV on a single articleMar 04, 2025 pm 05:06 PM

Sui Blockchain's MEV (Maximum Extractable Value) strategy and future outlook MEV have become the core issues in the blockchain field, which are related to transaction sorting and arbitrage opportunities. Sui is committed to guiding the development of MEV through Sui Improvement Proposal (SIP) and other mechanisms, ensuring transparency, transaction security, network health, and participant rewards. In addition to existing mechanisms, more mechanisms are planned to be introduced to ensure that its core principles can effectively guide the evolution of MEVs on Sui. Design principles and considerations Sui's every transaction contains potential profit opportunities. Sui's MEV ecosystem consists of the following mechanisms: MEV transaction submission mechanism MEV opportunity release mechanism MEV

Bitcoin [BTC] was on a downtrend after losing the $92,000-support level in the final week of FebruaryMar 16, 2025 am 10:10 AM

Technical indicators such as the OBV showed that selling pressure has been dominant, meaning more losses may be likely ahead.

Bitcoin historical price list 2015-2025 Bitcoin price trend charts in the past decadeMar 12, 2025 pm 06:54 PM

This article reviews the ten-year price trend of Bitcoin from 2015 to 2025 in detail. Data shows that Bitcoin price fluctuates dramatically, experiencing huge changes from $200 to over $100,000. During this period, the price of Bitcoin was affected by a variety of factors, including halving of block rewards, market sentiment, regulatory policies, and global macroeconomic situation. The article analyzes the rise and fall of Bitcoin prices year by year, and focuses on interpreting the price changes in key years, providing a reference for investors to understand the history of Bitcoin prices and predict future trends. Keywords: Bitcoin price, Bitcoin trend, Bitcoin decade, digital currency, cryptocurrency

Top 10 Free Virtual Currency Exchanges Rankings The latest top ten virtual currency APP trading platformsMar 11, 2025 am 10:18 AM

The top ten free virtual currency exchanges are ranked: 1. OKX; 2. Binance; 3. Gate.io; 4. Huobi Global; 5. Kraken; 6. Coinbase; 7. KuCoin; 8. Crypto.com; 9. MEXC Global; 10. Bitfinex. These platforms each have their own advantages.

Top 10 digital currency app platforms rankings Virtual currency exchange latest rankings in 2025Mar 13, 2025 pm 06:45 PM

Top 10 digital currency app platforms: 1. OKX, 2. Binance, 3. Gate.io, 4. Kraken, 5. Coinbase, 6. Huobi, 7. KuCoin, 8. Crypto.com, 9. Bitfinex, 10. Gemini; these platforms are ranked according to factors such as transaction volume, security and user experience. When choosing, the platform's security, liquidity, transaction fees, currency selection, user interface and customer support should be considered.