The North Korean cybercriminal group known as Lazarus has been linked to a recent cyberattack involving a fake NFT-based game that exploited a zero-day vulnerability in Google Chrome. This sophisticated tactic allowed the attackers to install spyware and steal victims’ wallet credentials discreetly.
Hidden Threat Disguised as NFT Game
According to a report by Kaspersky Labs, released on October 23, 2024, their security systems identified an infection on a personal computer in Russia back in May 2024. The investigation uncovered a zero-day exploit in Google Chrome that Lazarus had used to gain unauthorized access to the machine.
The attack was traced to a deceptive website called DeTankZone, designed to look like a legitimate page promoting an NFT multiplayer DeFi game named DeFiTankLand. Beneath the seemingly genuine website, however, lurked a malicious script targeting Chrome users. The script exploited browser vulnerabilities, letting the attackers infiltrate visitors' systems and take control of them.
Vulnerabilities Exploited to Bypass Chrome’s Security
Kaspersky’s investigation revealed that the attackers leveraged two vulnerabilities in Chrome, which allowed them to manipulate the browser’s memory and execute unauthorized commands. The attack also bypassed Chrome’s V8 sandbox, a protective layer that isolates the JavaScript engine’s memory so that a memory-corruption bug inside it cannot be used to run unauthorized code in the rest of the browser. With that layer defeated, the attackers had free rein to execute arbitrary code on the infected device.
Boris Larin, a Principal Security Expert at Kaspersky’s Global Research and Analysis Team (GReAT), noted the significance of this incident:
“The attackers didn’t just rely on common methods—they embedded their attack within a fully functioning game to exploit a zero-day vulnerability in Chrome. Even seemingly harmless actions, like clicking a link in a social media post or an email, can result in total system compromise, whether on personal computers or across corporate networks.”
Rapid Response and Mitigation by Google
Upon discovering the exploit, Kaspersky immediately alerted Google, which released a patch within days to close the vulnerability, now cataloged as CVE-2024-4947. Additionally, Google blocked access to DeTankZone and other associated malicious websites to prevent further exploitation.
Lazarus Group: A Persistent Threat to Crypto Assets
Lazarus has become notorious for targeting cryptocurrency projects, with the primary goal of stealing and laundering digital assets. Recorded Future’s data shows that from 2017 to 2023, Lazarus stole over $3 billion in crypto funds. In 2023 alone, they were responsible for over 17% of all stolen crypto assets globally.
Independent blockchain investigator ZachXBT further reported that Lazarus laundered approximately $200 million in crypto through at least 25 separate attacks between 2020 and 2023.
This latest attack highlights the group’s growing sophistication and the increasing need for enhanced security measures, especially within the crypto space, where even seemingly trivial interactions can lead to devastating financial losses.