Cybersecurity giant Kaspersky has revealed a highly sophisticated campaign targeting cryptocurrency users, orchestrated by the North Korean threat actor group Lazarus.

Announced on Wednesday, the Lazarus Group exploited a zero-day vulnerability in Google Chrome through a fake blockchain-based game. This exploit installed spyware aimed at stealing users’ wallet credentials, according to Kaspersky’s findings.

The attack was identified by Kaspersky’s Global Research and Analysis Team in May 2024 and presented at the Security Analyst Summit 2024 in Bali.

Advanced Techniques Employed

Kaspersky’s analysis highlighted the use of social engineering techniques and generative AI to specifically target cryptocurrency investors. “The attackers went beyond typical tactics by using a fully functional game as a cover to exploit a Google Chrome zero-day and infect targeted systems,” stated Boris Larin, Principal Security Expert at Kaspersky. He emphasized that even seemingly harmless actions—like clicking a link on social media or in an email—could lead to the total compromise of personal or corporate networks.

The actual impact of this campaign could extend far beyond the immediate targets, potentially affecting users and businesses globally, Larin noted.

Details of the Exploit

The Lazarus Group exploited two vulnerabilities, including an undisclosed bug in V8 JavaScript, Google’s open-source and WebAssembly engine. Google subsequently patched this vulnerability after Kaspersky’s reporting. This exploit allowed attackers to execute arbitrary code, bypass security features, and conduct various malicious activities.

The fake blockchain game encouraged users to compete globally with NFT tanks. The attackers crafted social media and LinkedIn promotions to appear legitimate and even generated AI-created images to enhance the game’s credibility. They also sought to engage crypto influencers for promotional purposes.

Shortly after launching the game on social media, the real developers reported that £20,000 in cryptocurrency had been stolen from their wallet. The fake game closely mirrored the original’s logo and visual quality, indicating the extent to which Lazarus went to lend credibility to their scheme. Additionally, the attackers utilized stolen source code, incorporating all references from the original version to deceive users effectively.

The post Hackers Use Fake NFT Games to Target Chrome’s Zero-Day Vulnerability appeared first on Koinreport.