Close Menu
    Defi

    Lazarus Group exploited Chrome vulnerability with fake NFT game

    By No Comments2 Mins Read

    30s Summary

    The North Korean hacker group, Lazarus Group, used a fake blockchain-based video game to conduct a phishing attack, exploiting a previously unknown vulnerability in Google’s Chrome browser. They created a decoy, known as DeTankZone or DeTankWar, and utilized non-fungible tokens (NFTs) to appeal to potential victims. Kaspersky Labs alerted Google to the exploit, which was patched within 12 days. Unfortunately, some users were infected by the website before downloading the game. The Lazarus Group has been implicated in stealing over $200 million through various crypto attacks, demonstrating a significant threat to crypto holders.

    Full Article

    A group of hackers from North Korea, known as the Lazarus Group, tricked people into a phishing trap using a fake blockchain-based video game. This decoy, called DeTankZone or DeTankWar, was a fully playable game that involved using digital collectors items known as NFTs like tanks in a global competition. Crazy, right?

    The even crazier part? The strategy they used to hack into Google’s Chrome browser. They took advantage of a software glitch that Google hadn’t found yet—a so-called “zero-day vulnerability”—to plant spyware capable of pilfering wallet details. Once the people over at Kaspersky Labs spotted this, they told Google right away, which successfully fixed the issue.

    I’d love to tell you that no one fell for the ruse, but sadly the website hosting the game infected users before they even downloaded it. These hackers, they found a way to replicate the model of a renowned game, DeFiTankLand and made it their own.

    Boris Larin, the big shot from Kaspersky, said that this was evidence of a wider plan, targeting more people and businesses online. It’s clear that the Lazarus Group has got a taste for cryptocurrency. Over the past few years, they’ve reportedly cleaned up over $200 million from various crypto attacks.

    So if you’re a crypto holder, be careful–especially with Chrome. North Korean hackers have a history of targeting crypto lovers through the browser. However, Google is on top of it; as soon as they learned of the vulnerability, they got to work and patched it up in 12 days.

    Remember, in the digital world we’re living in, it’s always better to err on the side of caution. It’s, unfortunately, a playground filled with internet tricksters like the Lazarus Group, who are always lusting after a taste of your shiny digital currency.

    Source: Cointelegraph

    Related Posts