Fake NFT Game Used by North Korean Hackers to Infect PCs and Steal Crypto
North Korean hackers in the Lazarus group have infected PCs with “Manuscrypt” malware via a malicious website that exploited the Chrome browser while promoting a supposed “play and earn” NFT game, according to a report from Russian cybersecurity firm Kaspersky.
The attacks used a zero-day Chrome exploit to achieve remote code execution (RCE), infecting the victim’s device when the website loaded. The researchers who discovered the exploit in May told Google that only a “limited number” of attacks were actually conducted, including one against a person’s computer in Russia. Google then released a fix for the type confusion bug enabling the attacks.
The fake game, called DeTankZone, promised to let players drive NFT tanks to battle others and earn “rewards,” presumably cryptocurrency or other NFTs. But the game was a front for the attack: the RCE exploit was stored in one of the website’s index.tsx files, according to the report.
The hackers even went as far as creating multiple fake X accounts to promote their game under handles including @collectspin and @DeTankZone. The “CollectSpin” X account remains visible at time of writing, but it hasn’t posted since April.
The latter account had over 6,000 followers and over 5,000 posts before it was deleted. It was created in 2019, according to X’s data, meaning it may have been a hacked account repurposed for the scheme. Both accounts constantly asked users to “DM” them—a common tactic used by crypto scammers to lure victims into clicking on malicious links or downloading files. It also asked other crypto accounts to promote it, seemingly to help create a sense of legitimacy.
Perhaps the most surprising part of the whole scheme is that the game’s website actually contained a real, likely stolen, game built on Unity from a crypto project called DeFiTankLand. Kaspersky researchers were ultimately able to download the “beta” of the game and play against bots, despite having issues on the login screen. They found it to be somewhat “tacky” and underwhelming, though, like “shareware games from the early 2000s.”
Unsurprisingly, the researchers didn’t mention receiving NFTs or crypto from the game. If you played it, you probably only got malware, a compromised PC, and an empty crypto wallet.