Fraudulent DeFi game leveraged in new crypto investor-targeted Lazarus attack

[Image: stock photo of a cryptocurrency trading app (Adobe Stock)]

North Korean hacking collective Lazarus Group has sought to exfiltrate cryptocurrency investors' assets in attacks involving a phony decentralized finance game that exploited the now-addressed Google Chrome zero-day type confusion flaw, tracked as CVE-2024-4947, according to BleepingComputer.

The discovery in May of a compromise involving the Manuscrypt backdoor led to the identification of earlier exploitation of the Chrome vulnerability through "detankzone[.]com", the website for DeTankZone, a fake NFT-based multiplayer online battle arena game. The game contains source code stolen from the DeFiTankLand game and was promoted by Lazarus across social media platforms, LinkedIn accounts, and spear-phishing emails, a report from Kaspersky revealed. The attackers embedded a hidden script in the website that exploited CVE-2024-4947 to corrupt Chrome's memory, giving them access to browser history, cookies, passwords, and authentication tokens. They then abused a second Chrome V8 issue to achieve remote code execution of a shellcode, which exfiltrated OS, BIOS, and CPU data and carried out other reconnaissance, researchers said.
