The North Korean Lazarus Group of hackers created a fake blockchain-based game to exploit a zero-day vulnerability in Google’s Chrome browser, enabling them to install spyware that stole users' wallet credentials. The game, named DeTankZone or DeTankWar, was a playable multiplayer online battle arena that utilized non-fungible tokens (NFTs) as tanks in a competitive setting and was promoted on social platforms like LinkedIn and X. Users could be infected simply by visiting the website, regardless of whether they downloaded the game. Kaspersky Labs discovered the exploit in May, leading to Google patching the vulnerability within 12 days. Additionally, the campaign's sophisticated nature hints at substantial plans that could impact users and businesses globally. Lazarus Group has a known history of targeting cryptocurrency, having stolen significant amounts from various hacks between 2020 and 2023. This incident illustrates the ongoing risks for crypto holders, particularly from state-sponsored hacking activities.

Source 🔗