According to Cointelegraph, the North Korean Lazarus Group of hackers exploited a zero-day vulnerability in Google’s Chrome browser using a fake blockchain-based game to install spyware and steal wallet credentials. Kaspersky Labs analysts identified the exploit in May and reported it to Google, which has since addressed the issue.
The hackers developed a play-to-earn multiplayer online battle arena game named DeTankZone or DeTankWar, which utilized non-fungible tokens (NFTs) as tanks in global competitions. The game was fully playable and promoted on LinkedIn and X. Users were infected from the website even if they did not download the game. The hackers modeled the game on the existing DeFiTankLand.
The attack used malware called Manuscrypt, followed by a previously unknown “type confusion bug in the V8 JavaScript engine.” This was the seventh zero-day vulnerability found in Chrome in 2024 through mid-May. Kaspersky principal security expert Boris Larin noted the significant effort invested in the campaign, suggesting ambitious plans with potentially broader impacts on users and businesses worldwide.
Microsoft Security first noticed the fake game in February. Although the hackers removed the exploit from the website before Kaspersky could analyze it, the lab still informed Google, which fixed the vulnerability in Chrome before it could be exploited again.
Zero-day vulnerabilities catch vendors off guard, with no immediate patch available. It took Google 12 days to patch the vulnerability in question. Earlier this year, another zero-day vulnerability in Chrome was exploited by a different North Korean hacker group targeting crypto holders.
Lazarus Group has a history of targeting cryptocurrency. Between 2020 and 2023, the group laundered over $200 million in crypto from 25 hacks, according to crypto crime watcher ZachXBT. The United States Treasury Department also alleged that Lazarus Group was behind the attack on Ronin Bridge, which resulted in the theft of over $600 million in crypto in 2022. Additionally, US cybersecurity firm Recorded Future reported that North Korean hackers collectively stole over $3 billion in crypto between 2017 and 2023.