The game, named DeTankZone or DeTankWar, was designed to trick users into downloading malware and steal their cryptocurrency.
The hackers used a security hole in Google Chrome to install spyware that stole users’ wallet credentials.
The Fake Game Trap
The Lazarus Group didn’t cut corners with this scam. They created a fully playable, multiplayer online battle game where players could use non-fungible tokens (NFTs) as tanks in a global competition.
The game was promoted on social media platforms like LinkedIn and X (formerly Twitter). On the surface, it looked just like a fun blockchain “play-to-earn” game that rewarded players. But underneath, it was a trap waiting to be sprung.
Lazarus APT Hackers Exploit Chrome Zero-Day via Cryptocurrency Game: https://t.co/nrYuoA8qen
The Lazarus APT group exploited a zero-day vulnerability (CVE-2024-4947) in Google Chrome through a cryptocurrency-themed game on detankzone[.]com, detected by Kaspersky on May 13, 2024.…
— securityrss.ai (@securityRSS) October 23, 2024
Here’s where the trouble began. The hackers used a “zero-day” vulnerability in Google Chrome. A zero-day vulnerability is a flaw the software maker has not yet discovered, so no fix exists at the time attackers start using it. In this case, the flaw allowed the hackers to infect users’ devices just by getting them to visit the game’s website: no download needed! They used a type of malware called Manuscrypt, which helped them steal information like wallet passwords.
Even though Microsoft Security first noticed the scam back in February 2024, the hackers removed the exploit before cybersecurity experts could fully analyze it. Still, Kaspersky Labs noticed more suspicious activity in May and alerted Google. The company quickly got to work and patched the security hole in just 12 days.
How the Hackers Pulled It Off
The Lazarus Group modeled their fake game after an existing game called DeFiTankLand. By creating a look-alike game, they managed to fool people into trusting it. Even worse, their game didn’t just target people who downloaded it: it infected the devices of anyone who merely visited the website.
Microsoft has newly discovered that #DPRK‘s Moonstone Sleet is using a malicious tank game it developed called DeTankWar (also known as DeFiTankWar, DeTankZone or TankWarsZone) to infect devices. #Lazarus https://t.co/L7cksYYtTZ
— myp0cket.eth (@MyP0cket) May 29, 2024
The Lazarus Group exploited what is called a “type confusion” bug in V8, Chrome’s JavaScript engine: a flaw in which the engine treats a value in memory as a different type than it really is. This was the seventh zero-day vulnerability found in Chrome in 2024 alone, which clearly shows that hackers can catch even big companies like Google off guard.
Disclaimer
The information discussed by Altcoin Buzz is not financial advice. This is for educational, entertainment, and informational purposes only. Any information or strategies are thoughts and opinions relevant to the accepted risk tolerance levels of the writer/reviewers and their risk tolerance may be different than yours. We are not responsible for any losses you may incur due to any investments directly or indirectly related to the information provided. Bitcoin and other cryptocurrencies are high-risk investments so please do your due diligence. Copyright Altcoin Buzz Pte Ltd.