in

Lazarus Group Launches Blockchain Game Aimed at Hijacking Chrome for Cryptocurrency Theft

Lazarus Group

A cybersecurity company reported that a well-known group of hackers from North Korea managed to steal $3 billion in cryptocurrencies using a deceptive blockchain game. According to Kaspersky Lab, the Lazarus Group exploited a serious flaw in the Google Chrome browser to access and drain the crypto wallets of unsuspecting users.

Lazarus Group’s $3 Billion Crypto Theft

This North Korean hacking group is said to have used the fraudulent game to amass over $3 billion in cryptocurrency, conducting this operation from 2016 to 2022.

This massive theft highlights a significant security oversight in Google’s Chrome browser, which failed to fix the vulnerability that was exploited.

Additionally, a blockchain investigator found that the Lazarus Group was behind 25 separate hacking incidents, successfully laundering $200 million in crypto.

Furthermore, there is evidence of a team of North Korean developers engaged with “established” cryptocurrency initiatives, reportedly earning a monthly salary of $500,000.

Related:  New Zealand Pursues Over 200,000 Crypto Investors for Unreported Earnings

The Questionable Gaming Strategy

Kaspersky Labs analysts Vasily Berdnikov and Boris Larin noted that the Lazarus Group launched a phony game known as DeTankZone (or DeTankWar), which focused on Non-Fungible Tokens (NFTs) to manipulate and steal from its victims.

The hackers cleverly used the zero-day vulnerability in Google Chrome to execute their malicious plan.

Lazarus Group Unleashes Blockchain Game To Exploit Chrome And Steal-Bitrabo

Berdnikov and Larin explained that the hackers lured individuals to a harmful website through the fake game, where they introduced malware known as Manuscript into the victims’ systems.

This malware compromised Chrome’s memory, allowing the hackers to acquire usernames, authorization tokens, and other critical information necessary for stealing cryptocurrency from their targets.

12 Days to Address the Vulnerability

Kaspersky Lab analysts detected the Lazarus Group’s activities in May and promptly notified Google about the vulnerability to aid in its resolution.

However, Google took 12 days to fix this zero-day flaw.

Boris Larin, a principal security expert at Kaspersky Lab, underscored that the considerable resources dedicated to this hacking campaign suggest that the group has extensive future plans.

Related:  Battle For Privacy: DOJ Targets Crypto Wallets, Stirring Major Concerns Over Digital Rights

He cautioned that the implications of their actions might be more significant than initially assumed.

This situation serves as a reminder that the fight against cybercriminals is ongoing. The vulnerabilities in Chrome highlight the need for regular upgrades to security measures and increased vigilance against cybersecurity threats.

Image from Le Parisien, chart data from TradingView

Report

What do you think?

99 Points
Upvote Downvote