The infamous Lazarus group, a hacking organization from North Korea, has exploited a zero-day vulnerability in Google Chrome through a fake blockchain game. With this they managed to install spyware that could plunder cryptocurrency wallets. This incident was discovered in May by Kaspersky Labs, which immediately reported it to Google. The vulnerability has now been resolved.

What happened?

The hackers created a fully functional Play-to-Earn game called DeTankZone or DeTankWar, which used non-fungible tokens (NFTs). The game was promoted through popular platforms such as LinkedIn and X (formerly Twitter). Even users who did not download the game were at risk of becoming infected through the website.

How did the hackers work?

Using malware called Manuscrypt and a previously unknown “type confusion bug” in Chrome’s V8 JavaScript engine, the hackers were able to gain access to sensitive data. This was already the seventh zero-day vulnerability discovered in Chrome in 2024.

Expert response

According to Boris Larin, chief security expert at Kaspersky, the hackers’ campaign was very well organised. He warned: “The impact could be global, with potential consequences for both users and businesses.”

Although Microsoft Security noticed the attack in February, the hackers quickly removed the malicious code before further analysis was possible. Thanks to Kaspersky’s timely notification, Google managed to close the vulnerability within twelve days.

Repeated attacks on cryptocurrencies

This is not an isolated incident. Earlier this year, North Korean hackers also targeted crypto holders through another zero-day vulnerability in Chrome. According to crypto watcher ZachXBT, the Lazarus group laundered more than $200 million in cryptocurrencies through 25 different hacks between 2020 and 2023.

In addition, the group is held responsible for the 2022 attack on the Ronin Bridge, in which more than $600 million in cryptocurrency was stolen. Research from Recorded Future shows that North Korean hackers have stolen more than $3 billion in crypto worldwide since 2017.

Conclusion

The ongoing cyber attacks by North Korean hackers on the crypto world highlight the importance of strong security measures. The use of zero-day vulnerabilities in popular software such as Google Chrome poses an ongoing risk to users.

Source: https://newsbit.nl/noord-koreaanse-hackers-misbruiken-zero-day-kwetsbaarheid-in-google-chrome-via-nep-blockchain-game/


