The notorious North Korean hacking group Lazarus has once again demonstrated its sophisticated cyber capabilities by exploiting a zero-day vulnerability in Google Chrome to steal cryptocurrency wallet credentials.
The group used a fake blockchain-based game called DeTankZone to lure unsuspecting victims. The game featured non-fungible tokens (NFTs) and offered the kind of excitement and rewards that attract the cryptocurrency and gaming communities. However, the game was a front for a malicious attack that exploited a vulnerability in Chrome's V8 JavaScript engine.
Victims were not required to download the game to be infected. Simply visiting the DeTankZone website was enough for the spyware to be installed on their devices. The hackers used a combination of known and newly discovered malware to steal wallet credentials and other sensitive information.
This attack highlights the growing sophistication of cybercrime and the importance of staying updated with the latest security patches. Users should be cautious about clicking on links or downloading files from unknown sources, especially those related to games or other online activities.
October 2024, Cryptoniteuae