Lazarus Group Exploits Google Chrome Zero-Day Vulnerability in Crypto Attack

October 24, 2024
A representational image of hackers stealing identity information

Cybersecurity leader Kaspersky has revealed an advanced malicious operation aimed at cryptocurrency, orchestrated by the North Korean Lazarus Group.

Announced Wednesday, this campaign saw Lazarus leveraging a previously unknown flaw in Google Chrome through a counterfeit blockchain game. According to the report, the exploit facilitated the installation of spyware designed to hijack wallet details.

This content is from The Shib Daily. Any reproduction must credit The Shib Daily at https://news.shib.io as the original publisher.

The attack was identified in May 2024 and involved a fake blockchain-based game as a cover to install spyware aimed at stealing wallet credentials. The group took advantage of a flaw in Chrome's V8 JavaScript engine, allowing them to gain control over targeted devices. This vulnerability, labeled CVE-2024-4947, has since been patched by Google.

Kaspersky's Global Research and Analysis Team, which presented its findings at the Security Analyst Summit in Bali, described how Lazarus Group used a fake NFT-based tank game to execute the attack. The website promoting the game appeared professional, inviting users to compete globally.

"The attackers went beyond typical tactics by using a fully functional game as a cover to exploit a Google Chrome zero-day and infect targeted systems," said Boris Larin, Principal Security Expert at Kaspersky. He added that even simple actions like clicking on a link in an email or social media could compromise entire networks.

Fake Game Mirrors Real Blockchain Game

The fake blockchain game designed by Lazarus Group was used as a conduit to deliver malware. Kaspersky said that the game website's design closely mirrored an actual blockchain game's logo and visual quality, using stolen source code from the original developers. These elements helped lend credibility to the fake site. Campaigns on platforms such as LinkedIn and X (formerly Twitter) even promoted the game to potential victims in the crypto sector.

In March 2024, the legitimate developers of the real game, which was also blockchain-based, reported a breach involving the theft of $20,000 in cryptocurrency. Kaspersky researchers suspected that Lazarus Group was behind this earlier breach, as they repurposed the stolen source code to create the fake game. The malware was distributed through a ZIP file download containing the fake game, which required registration but also executed malicious code.

Lazarus Group Uses Social Engineering Techniques

Lazarus Group's attack involved sophisticated social engineering techniques to lure cryptocurrency investors. Kaspersky said that the group built an extensive social media presence over several months using AI-generated content and contacting crypto influencers to promote the fake game. "For several months, the attackers were building their social media presence, regularly making posts on X from multiple accounts and promoting their game," said Larin.

The attack chain also used a validator in the form of shellcode that gathered system information to determine if the infected device was worth further exploitation. The payload delivered after this phase remains unknown.


LAWRENCE

Lawrence is a cryptocurrency journalist covering blockchain developments and digital assets.


Lawrence holds positions in BTC. This article is provided for informational purposes only and should not be construed as financial advice. The Shib Daily is the official publication of the Shiba Inu cryptocurrency project. Readers are encouraged to conduct their own research and consult with a qualified financial adviser before making any investment decisions.