North Korea’s infamous Lazarus Group has launched a sophisticated cyber campaign to scam cryptocurrency investors through a fake NFT game, DeTankZone. This new twist on crypto scams goes beyond basic phishing tactics, using advanced malware, social engineering, and a previously unknown Google Chrome vulnerability. Let’s explore how this attack unfolds and what it means for the crypto community and blockchain game developers.
Kaspersky researchers first identified the attack in February 2024 after a Russian national’s computer was infected with a new variant of the Manuscrypt malware. Lazarus Group created a fake blockchain game, DeTankZone, which appears to be an NFT-based multiplayer online battle arena game. The website promoting this game included impressive visuals, a downloadable trial, and social media marketing that made it look like a legitimate NFT gaming company.
This campaign targets cryptocurrency investors by promoting a “game” combining Decentralised Finance (DeFi) with NFTs. With the rise of interest in crypto investments and NFT gaming, Lazarus is tapping into one of the hottest trends. The fake game website and the social media presence around DeTankZone were crafted to lure individuals seeking good crypto investments or blockchain game development insights, as well as those eager to learn how to create their own NFTs.
The real danger behind DeTankZone lies in a hidden script embedded in the game’s promotional website. This script exploits a serious zero-day vulnerability in Google Chrome, known as CVE-2024-4947. This vulnerability, now patched, allowed the attackers to bypass Chrome’s V8 sandbox, granting them remote access to victims’ computers. Once in, they could capture sensitive information, including banking details, saved passwords, and cookies.
The attack’s potential to steal personal and financial data has led security experts to emphasise the importance of updating Chrome and similar web browsers. It’s also a critical reminder that cryptocurrency investors should be cautious when engaging with new NFT projects, especially those involving downloadable files.
The Lazarus Group’s approach didn’t stop with the website. They used a highly targeted social engineering strategy to reach their audience. Leveraging platforms like X (formerly Twitter) and LinkedIn, the hackers set up accounts posing as reputable blockchain game development companies or crypto companies looking for investors. They shared visually appealing promotions and fake posts to drive interest in DeTankZone. In addition to public social media outreach, Lazarus hackers contacted individuals directly, posing as legitimate game developers or blockchain companies seeking investment. This strategy has proven successful in luring unsuspecting individuals, as it takes advantage of the excitement and potential profit in the crypto world.
Interestingly, it appears that DeTankZone was built using the stolen source code from another game, DeFiTankLand, which had its own security breach earlier this year. This connection suggests that Lazarus Group may have been behind both the original theft and the recent deception campaign. Such actions point to a potential insider threat or a targeted attack against the game’s original developers, raising further concerns about security within the blockchain and NFT gaming industry.