Lazarus Group exploits a Chrome vulnerability in a fake game scam targeting cryptocurrency investors, utilizing AI and social engineering tactics to deceive users.
The notorious Lazarus Group from North Korea is targeting cryptocurrency investors worldwide. They use a well-designed fake game website that looks genuine but hides malware. They also leverage a now-patched zero-day vulnerability in the Google Chrome browser. Additionally, they utilize AI-generated content and images to enhance their deception.
This elaborate campaign started in February. Since then, the group has opened many accounts on X. It has even used fake cryptocurrency executives to promote a game site containing malware. These moves show that the group has been changing its tactics.
Kaspersky Lab’s researchers have been paying particular attention to these trends. They said, “We have identified many [Lazarus] attacks targeting the cryptocurrency industry over the years. One thing is certain: these attacks are not going away.” They also pointed out that Lazarus is now using generative AI, which enables them to design more complex attacks in the future.
The Lazarus Group may not have the same notoriety as other cybercriminal groups outside the cybersecurity community, but it is among the most dangerous. It first came to light when it hacked Sony Pictures in 2014. Since then, it has been linked to many other major incidents, including the WannaCry ransomware attack and the $81 million cyber robbery of the Bank of Bangladesh.
Experts think that most of Lazarus’s financially motivated attacks are strategic. They are believed to be intended to raise money for North Korea’s missile program.
Lazarus Group Targets Crypto Users with Fake Game Site
The latest campaign demonstrates refined social engineering techniques. At the core of the plan is a website, detankzone.com, which advertises a multiplayer online tank game built on NFTs. According to Kaspersky’s research, the game was well-designed and fully functional. However, it was built from source code stolen from a genuine game.
The group targeted two Chrome vulnerabilities. The first, CVE-2024-4947, was a previously unknown zero-day in Chrome’s V8 engine that allowed the attackers to run code within the browser. Kaspersky reported this vulnerability to Google in May, and it was fixed promptly. The second had no specific identifier assigned to it, but it allowed the attackers to escape the Chrome sandbox and gain full control over the system.
Kaspersky highlighted the effort Lazarus Group put into social engineering, which aimed to build trust and maximize the campaign’s effectiveness. Researchers noted that every detail was designed to appear genuine. Multiple fake accounts promoted the site on X and LinkedIn, using AI-generated content to lend authenticity. This campaign underscores the ongoing threat Lazarus Group poses to the cryptocurrency sector.