Lazarus Group Levels Up with Fake Blockchain Game in Crypto Heist

October 26, 2024
A representational image explaining Lazarus's situation

Hold on to your wallets, crypto fans! The notorious North Korean Lazarus Group is back, and this time, they’re gaming the system… literally! Kaspersky dropped the bombshell early this week, revealing that the Lazarus Group crafted a sneaky scheme using a fake blockchain tank game to plunder crypto wallets faster than you can say “blockchain.” 🕹️💰

🎲 Level 1: Exploiting Chrome’s Kryptonite

Apparently, Lazarus found a flaw in Google Chrome (a “zero-day” for the techies out there) and decided to roll it into a video game that only looked fun. This “game” (or, let’s call it what it is—a malware smorgasbord) had one goal: hijack your crypto wallet! 😱 Imagine hopping onto a shiny new blockchain tank game, only to find out it’s more “Tank Your Portfolio” than “Tanks for the Win.”

🕵️‍♂️ Level 2: The Great Disguise (CVE-2024-4947)

So how did they pull it off? With Hollywood-level commitment, that’s how! Kaspersky’s top-notch detectives, who presented their findings in Bali of all places (jealous!), say Lazarus dressed this malware trap up in a professional-looking website. It was the “NFT Tank Wars” you’ve been waiting for! But instead of global domination in-game, you might have ended up with global domination of your devices by Lazarus. 👾💻

Plot twist: Lazarus used Chrome’s V8 JavaScript engine as their way in, exploiting a vulnerability so fresh it even had a “CVE” code (CVE-2024-4947, for the record). Google patched it ASAP, but not before Lazarus got in some cheeky wallet grabs. 🛠️

🎩 Level 3: Lazarus, the Influencer Wannabes

The North Korean group went full social media ninja with this one! First, they launched a fake site looking slick enough to lure unsuspecting crypto fans. They even got cozy with influencers and pumped the game on platforms like LinkedIn and X (formerly Twitter). Think AI-generated selfies, crypto jargon, and “tank battle” hashtags galore! 🤳📲

“Imagine scrolling your feed, just wanting to check the latest crypto memes,” said Kaspersky’s Boris Larin, “and suddenly you’re downloading a game that’s out for blood (and by blood, I mean your wallet info).” 🩸👛

🔥 Level 4: Tank Game, Trojan Horse-Style

The game Lazarus “developed” wasn’t just a simple prank—it was a nearly perfect replica of a real blockchain game, complete with stolen source code! So, when you clicked on the innocent-looking ZIP file, not only were you registering for “Tanks of Glory,” but you were also installing a little surprise: malware. 🤯

In fact, the actual game creators got hacked back in March 2024, and Lazarus must’ve thought, “Hey, why reinvent the wheel? Let’s borrow their code!” Talk about “reduce, reuse, recycle,” but make it cybercrime edition. ♻️💻

🤖 Level 5: Ultimate Social Engineering

Lazarus didn’t stop there—they used their newfound influencer skills to create social media hype that even a Kardashian would envy. They spent months generating fake posts and even recruited influencers (real or AI-generated, you decide 🤖) to boost the game’s credibility. Larin, from Kaspersky, explained, “The Lazarus crew didn’t just pull this off overnight. They were out there, engaging the community, hyping their ‘game,’ and—boom—capturing crypto.” 📈💀

🚨 Boss Level: Validator Shellcode

In a final twist, the malware ran a little check on each device it infected, just to see if it was worth the trouble. High-profile crypto wallet? Jackpot. An ancient laptop with only free crypto samples? Hard pass. If you made the cut, the malware’s mission went to the next level, although what happened next is still unknown. 👀🔍

The End (or Is It? 👀)

So, while you’re busy looking up the next great blockchain game, remember: the “Tank Wars” you’re playing might not be the only battle happening behind the screen! Be suspicious of crypto games offering big prizes and maybe think twice before you click on that shiny link… unless you want to “tank” your own wallet! 🛑💸


Gairika holds positions in BTC. This article is provided for informational purposes only and should not be construed as financial advice. The Shib Magazine and The Shib Daily are the official media and publications of the Shiba Inu cryptocurrency project. Readers are encouraged to conduct their own research and consult with a qualified financial adviser before making any investment decisions.
