Cybersecurity firm Kaspersky has uncovered a sophisticated cyberattack targeting cryptocurrency users, orchestrated by the infamous Lazarus Group, a North Korean hacking entity. The hackers exploited a zero-day vulnerability in Google Chrome, using a fake blockchain-based NFT game as a cover to steal wallet credentials and personal data.
The attack, first identified by Kaspersky’s Global Research and Analysis Team (GReAT) in May 2024, was presented at the Security Analyst Summit 2024 in Bali.
Sophisticated Social Engineering and AI Techniques
According to Boris Larin, Principal Security Expert at Kaspersky, the Lazarus Group used a fully functional blockchain-based game to lure victims into downloading malware. This malicious software exploited a vulnerability in V8, Google’s JavaScript and WebAssembly engine. After Kaspersky reported the flaw, Google promptly patched it.
The hackers went beyond typical tactics, incorporating social engineering techniques and AI-generated content to target cryptocurrency investors and enhance the credibility of their fake NFT game. They promoted the game through social media and LinkedIn campaigns, making it appear as a genuine project.
The Fake Game Targeted Crypto Investors
The fake game, marketed as an NFT-based competition with virtual tanks, mirrored the branding and visual quality of a legitimate game. The Lazarus Group even used stolen source code from the original game to further deceive users. After the promotional activities were launched, the real game's developers reported that $20,000 in cryptocurrency had been transferred from their wallets.
Lazarus hackers also attempted to engage crypto influencers for additional promotion, leveraging AI-generated images to enhance their credibility in the crypto space.
Global Impact of the Campaign
Kaspersky emphasized that this attack could have far-reaching consequences, affecting both individual users and businesses worldwide. Even seemingly innocuous actions, such as clicking a link from social media or an email, could result in full system compromise.
The attack demonstrated the lengths to which cybercriminals, particularly the Lazarus Group, are willing to go to steal cryptocurrency and breach personal and corporate networks.
For more insights on cybersecurity and blockchain, visit CentBit.Online – Crypto & Blockchain Expert Bangladesh.