Cybersecurity leader Kaspersky has revealed an advanced malicious operation aimed at cryptocurrency, orchestrated by the North Korean Lazarus Group.
Announced Wednesday, this campaign saw Lazarus leveraging a previously unknown flaw in Google Chrome through a counterfeit blockchain game. According to the report, the exploit facilitated the installation of spyware designed to hijack wallet details.
The attack was identified in May 2024 and involved a fake blockchain-based game as a cover to install spyware aimed at stealing wallet credentials. The group took advantage of a flaw in Chrome’s V8 JavaScript engine, allowing them to gain control over targeted devices. This vulnerability, labeled CVE-2024-4947, has since been patched by Google.
Kaspersky’s Global Research and Analysis Team, which presented its findings at the Security Analyst Summit in Bali, described how Lazarus Group used a fake NFT-based tank game to execute the attack. The website promoting the game appeared professional, inviting users to compete globally.
“The attackers went beyond typical tactics by using a fully functional game as a cover to exploit a Google Chrome zero-day and infect targeted systems,” said Boris Larin, Principal Security Expert at Kaspersky. He added that even simple actions like clicking on a link in an email or social media could compromise entire networks.
Fake Game Mirrors Real Blockchain Game
The fake blockchain game designed by Lazarus Group was used as a conduit to deliver malware. Kaspersky said that the game website’s design closely mirrored the logo and visual quality of an actual blockchain game, using source code stolen from the original developers. This helped lend credibility to the fake site. Campaigns on platforms such as LinkedIn and X (formerly Twitter) even promoted the game to potential victims in the crypto sector.
In March 2024, the legitimate developers of the real game, which was also blockchain-based, reported a breach involving the theft of $20,000 in cryptocurrency. Kaspersky researchers suspected that Lazarus Group was behind this earlier breach, as they repurposed the stolen source code to create the fake game. The malware was distributed through a ZIP file download containing the fake game, which prompted users to register while also executing malicious code.
Lazarus Group Uses Social Engineering Techniques
Lazarus Group’s attack involved sophisticated social engineering techniques to lure cryptocurrency investors. Kaspersky said that the group built an extensive social media presence over several months using AI-generated content and contacting crypto influencers to promote the fake game. “For several months, the attackers were building their social media presence, regularly making posts on X from multiple accounts and promoting their game,” said Larin.
The attack chain also used a validator in the form of shellcode that gathered system information to determine if the infected device was worth further exploitation. The payload delivered after this phase remains unknown.
Lawrence does not hold any crypto asset. This article is provided for informational purposes only and should not be construed as financial advice. The Shib Magazine and The Shib Daily are the official media and publications of the Shiba Inu cryptocurrency project. Readers are encouraged to conduct their own research and consult with a qualified financial adviser before making any investment decisions.