Join our Telegram channel to stay up to date with the latest news
The Lazarus Group, a notorious hacker group made up of an unknown number of individuals believed to be run by the North Korean government, has resurfaced after several months of silence. In its recent incident, the hacker group used a fake non-fungible token-based game on Google’s internet browser (Chrome) and installed spyware that stole crypto and NFT wallet credentials.
Lazarus Crypto Hacker Group Resurfaces Online
In an October 24 blog post, Cointelegraph.com, a renowned crypto media platform, confirmed that the Lazarus hacker group had resurfaced online after moving underwater for several months. The Lazarus hacker group began by launching a fake non-fungible token game on Chrome and installing spyware that stole confidential information from crypto users in the fake game.
THE #North Korea #Lazarus A hacking group exploited a Google Chrome zero-day tracked as CVE-2024-4947 via a fake decentralized finance (DeFi) game targeting individuals in the cryptocurrency space. #Piracy #cybersecurity
– Anonymous🐾🐈⬛ (@YourAnonRiots) October 23, 2024
Lazarus Group is a North Korean state-sponsored cyber threat group linked to the North Korean Reconnaissance General Bureau (RGB). The North Korean Intelligence Agency (NKRGB) was created to spy, conduct covert operations and engage in cyber espionage. Since its inception, the RGB has devoted much of its time and attention to collecting data and attempting to infiltrate crypto funds from South Korea, the United States, and Japan.
Lazarus Group was thrust into the spotlight in 2021 after Sky Mavis, the developer of the popular blockchain-based video game Axie Infinity, suffered a breach that resulted in the loss of hundreds of millions of dollars in assets. After an extensive investigation, the FBI formally attributed the attack to the Lazarus Group. North Korean hackers have a history of cryptocurrency theft, having stolen more than $3 billion as of December 2023.
Lazarus Hacker Group Strikes Again in 2024
Based on the Cointelegraph report, analysts at Kaspersky Labs noticed the exploit in May and reported it to Google, which fixed it several days later. The hackers launched an online multiplayer battle arena game and promoted it on LinkedIn and X. The game tricked DeTankZone into using non-fungible tokens as tanks in a global competition. The fake NFT game was revealed and reported by Microsoft’s security team in February 2024.
Screenshot of Lazarus Group’s fake game. Source: Safelist
North Korean hackers had removed the exploit from the website before Kaspersky could analyze it. Kaspersky Labs informed Google anyway, and Google patched the Chrome vulnerability before hackers could use it again. Meanwhile, the number of victims affected by this violation is still unknown. Users who have previously interacted with the game are advised to reset all their passwords.
Related NFT News:
Most Wanted Crypto Launch – Pepe Unchained
- Layer 2 Coin Ecosystem
- Featured in Cointelegraph
- SolidProof and Coinsult audited
- Faceoff Rewards – pepeunchained.com
- Over $10M Raised at ICO – Ending Soon
Join our Telegram channel to stay up to date with the latest news