North Korean hackers in the Lazarus group have been using a fake NFT game website to infect PCs with malware and steal cryptocurrency. The website, DeTankZone, promised a “play and earn” experience but was actually a front for an attack that exploited a zero-day Chrome bug. When users visited the site, their devices were infected with the “Manuscrypt” malware, which allowed the hackers to execute code remotely on those devices.
The attackers created fake X accounts to promote the game and lure victims into clicking on malicious links or downloading files. The website contained a real, stolen game built on Unity, but the game was underwhelming and likely a distraction from the actual malware. The Chrome flaw used in the attack was introduced in version 117’s optimizing compiler, Maglev, and was fixed by Google after a limited number of attacks were reported.
This is the latest in a string of North Korean efforts to steal cryptocurrency, with the country’s hackers responsible for $600 million in crypto theft last year and $3 billion since 2017. The Lazarus group’s tactics highlight the ongoing threat of cybercrime and the importance of staying vigilant when interacting with unfamiliar websites or offers related to cryptocurrency.