Lazarus Hackers Exploit Zero-Day Vulnerability in Chrome Using Fake NFT Games

Author

Sujha Sundararajan

Author

Sujha Sundararajan

About Author

Sujha has been recognised as 🟣 Women In Crypto 2024 🟣 by BeInCrypto for her leadership in crypto journalism.

Author Profile

Share

Copied

Last updated:

October 24, 2024 02:45 EDT

Why Trust Cryptonews

Cryptonews has covered the cryptocurrency industry topics since 2017, aiming to provide informative insights to our readers. Our journalists and analysts have extensive experience in market analysis and blockchain technologies. We strive to maintain high editorial standards, focusing on factual accuracy and balanced reporting across all areas - from cryptocurrencies and blockchain projects to industry events, products, and technological developments. Our ongoing presence in the industry reflects our commitment to delivering relevant information in the evolving world of digital assets. Read more about Cryptonews

Cybersecurity giant Kaspersky has uncovered a highly sophisticated crypto-targeted malicious campaign, led by the North Korean threat actor group Lazarus.

Unveiled on Wednesday, the Lazarus Group exploited a zero-day vulnerability in Google Chrome using a fake blockchain-based game. The exploit installed spyware to steal wallet credentials, the findings noted.

The attack’s findings, identified by Kaspersky’s Global Research and Analysis Team in May 2024, were presented at the Security Analyst Summit 2024 in Bali.

The analysis further revealed that the malicious campaign involved social engineering techniques and generative AI to target cryptocurrency investors.

“The attackers went beyond typical tactics by using a fully functional game as a cover to exploit a Google Chrome zero-day and infect targeted systems,” Boris Larin, Principal Security Expert at Kaspersky noted.

“With notorious actors like Lazarus, even seemingly innocuous actions—such as clicking a link on a social network or in an email—can result in the complete compromise of a personal computer or an entire corporate network.”

The actual impact of the campaign could be much larger, affecting users and businesses worldwide, Larin added.

Attackers Exploited Vulnerability Using Fake Game Website: Kaspersky

Per the cybersecurity expert team, the Lazarus Group exploited two vulnerabilities. This includes an unknown bug in V8 JavaScript on Google’s open-source and WebAssembly engine. Google later fixed the vulnerability following Kaspersky’s reporting.

“It allowed attackers to execute arbitrary code, bypass security features, and conduct various malicious activities,” the findings revealed.

The fake blockchain-based game invited users to compete globally with NFT tanks. The notorious group designed social media and LinkedIn promotional activities to appear genuine and promote the game. They also created AI-generated images to enhance credibility.

Additionally, the attackers also tried to engage crypto influencers for promotion.

Shortly after the attackers launched the game on social media, the real game developers claimed that US$20,000 in cryptocurrency had been transferred from their wallet.

The experts claimed that the fake game exactly mirrored the logo and visual quality of the original. As a result, the Lazarus hackers went to an extent to lend credibility to their attack.

Further, the attackers created the fake NFT game using stolen source code using all the references of the original version.