The North Korean hacking collective Lazarus Group has again popped into infamy by exploiting a zero-day vulnerability in Google’s Chrome browser, posing a significant threat to cryptocurrency users.
The group, known for executing some of the largest cryptocurrency thefts, used the exploit to install spyware on victims’ devices, enabling the theft of cryptocurrency wallet credentials.
Kaspersky Team Detects Exploit
Security researchers at Kaspersky Labs uncovered that the Lazarus Group employed a fake play-to-earn blockchain game called DeTankZone (also known as DeTankWar) as a front for their attack. This multiplayer online battle arena game, featuring non-fungible tokens (NFTs) as tanks, was promoted on social media platforms like LinkedIn and X (formerly Twitter). While appearing legitimate, the game contained a hidden malicious script that exploited a vulnerability in Chrome. Merely visiting the site triggered the infection, allowing attackers to gain full control of the victim’s device.
According to Kaspersky, the first instance of this exploit was detected on May 13, 2024, when a Manuscrypt infection was found on a Russian individual’s computer. Kaspersky quickly reported the exploit to Google, which acted swiftly to patch the vulnerability.
High-Stakes Cyber Campaign
Boris Larin, principal security expert at Kaspersky Labs, remarked on the scale and ambition of this attack, saying,
“The significant effort invested in this campaign suggests they had ambitious plans, and the actual impact could be much broader, potentially affecting users and businesses worldwide.”
The Lazarus Group’s strategy centered around exploiting a zero-day vulnerability — a term referring to a security flaw that is unknown to the software vendor at the time it is being exploited. This marked the seventh such vulnerability discovered in Chrome in 2024, underscoring the increasing focus cybercriminals have on targeting widely used browsers for their attacks.
Google’s Response and Broader Implications
Google responded promptly by patching the vulnerability within 12 days and taking additional measures, including blocking the website associated with DeTankZone and others linked to the campaign. Users attempting to access these sites are now warned of their malicious nature, even if they aren’t using Kaspersky products.
The frequency of zero-day attacks, such as those executed by the Lazarus Group, highlights a growing security challenge. Zero-day vulnerabilities are particularly dangerous because they remain unpatched for a period, leaving even the most updated systems vulnerable. This attack mirrors a similar exploit earlier in 2024 when another North Korean hacking group used a different Chrome vulnerability to target cryptocurrency holders.
Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.
Source: https://cryptodaily.co.uk/2024/10/north-korean-hackers-target-crypto-users-with-chrome-vulnerability