Lazarus Hackers Created Fake Game to Exploit Zero-Day Vulnerability
The North Korean hacker group Lazarus has exploited a zero-day vulnerability in Google's Chrome browser through a fake blockchain-based game, allowing them to install spyware that captured users' wallet credentials.
Analysts at Kaspersky Labs detected this exploit in May and promptly reported it to Google, which has since addressed the issue.
The deceptive multiplayer online battle arena game, named DeTankZone (or DeTankWar), was fully playable and promoted on platforms like LinkedIn and X, featuring non-fungible tokens (NFTs) as tanks in a global competition.
Users were infected merely by visiting the game's website, even without downloading it.
The hackers modelled this game on an existing project called DeFiTankLand and employed malware named Manuscrypt, leveraging an undisclosed "type confusion bug" in the V8 JavaScript engine.
By mid-May, this was the seventh zero-day vulnerability discovered in Chrome in 2024.
Researchers at Kaspersky noted:
"Over the years, we have uncovered many [Lazarus] attacks on the cryptocurrency industry, and one thing is certain: these attacks are not going away. Lazarus has already successfully started using generative AI, and we predict that they will come up with even more elaborate attacks using it."
Kaspersky principal security expert Boris Larin said:
"The significant effort invested in this campaign suggests they had ambitious plans, and the actual impact could be much broader, potentially affecting users and businesses worldwide."
Microsoft Security first identified the fake game in February, but by the time Kaspersky attempted to analyse it, the hackers had removed the exploit from their site.
Despite this, Kaspersky informed Google, which patched the vulnerability before it could be exploited again.
Kaspersky researchers Boris Larin and Vasily Berdnikov wrote:
"They focused on building a sense of trust to maximize the campaign's effectiveness, designing details to make the promotional activities appear as genuine as possible."
Notably, the Lazarus Group's campaign showcased sophisticated social engineering techniques, using multiple fake accounts and AI-generated content to lend an air of authenticity to their fraudulent game site.
Stolen Crypto by North Korean Hackers on the Rise
Zero-day vulnerabilities are particularly challenging for vendors because they are exploited before the vendor is aware of them, so no patch exists when the attacks begin.
In this instance, Google took 12 days to address the vulnerability.
Earlier this year, another North Korean hacker group exploited a different zero-day flaw in Chrome to target cryptocurrency holders.
The Lazarus Group, notorious for its interest in cryptocurrency, has reportedly laundered over $200 million from 25 hacks between 2020 and 2023, according to crypto crime analyst ZachXBT.
Additionally, US cybersecurity firm Recorded Future estimates that North Korean hackers collectively stole more than $3 billion in cryptocurrency from 2017 to 2023.