North Korean hackers use fake game to hack Google Chrome security flaw

Zero-day flaw used to steal sensitive data from Chrome browser

The notorious Lazarus cybercrime gang has been found targeting cryptocurrency users with a “stolen” computer game to attract potential victims.

For those unfamiliar with Lazarus, it’s a North Korean state-sponsored hacking collective known for targeting cryptocurrency companies and users. It has been responsible for some of the biggest crypto heists in history, with the money allegedly going into the country’s government and weapons program.

Cybersecurity researchers from Kaspersky recently found a new campaign that uses a fake game to lure people to a website. Lazarus uses the website to exploit two vulnerabilities in the Chrome browser, and ultimately steal sensitive data from the device.

Cookies, tokens, and more

Kaspersky explained the crooks used a DeFi (decentralized finance) game known as DeFiTankLand, and simply rebranded it into DeTankZone. Users who visit the impersonated site and try to download the game will get a defunct product that doesn’t work past the login/registration screen. However, while visiting the website, a hidden script (index.tsx) will trigger an exploit for a type confusion vulnerability tracked as CVE-2024-4947.

This vulnerability was discovered in V8, Chrome’s JavaScript engine. When exploited, it lets the crooks corrupt and overwrite the browser’s memory, granting them access to the address space of Chrome’s process. That, in turn, allows them to grab cookies, authentication tokens, browsing history, and saved passwords.

Since Chrome’s V8 is in a sandbox, and JavaScript execution is isolated from the rest of the system, Lazarus used a different vulnerability for remote code execution, Kaspersky said.

The researchers spotted the flaw in mid-May 2024, and Google came back with a fix two weeks later, on May 25. Cryptocurrency lovers who want to remain secure from Lazarus should bring their Chrome browsers at least to version 125.0.6422.60/.61. It was concluded that Lazarus has been operating this campaign since February.
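For teams that need to check a fleet against that version, here is a short added example (not from Kaspersky, Google or the original article) that classifies reported Chrome versions against 125.0.6422.60. The hostnames and inventory format are constructed for illustration. It also covers one practical catch: versions taken from User-Agent strings are reduced to MAJOR.0.0.0 in current Chrome, so they cannot confirm the exact build.

```python
import re

# Version the article says to update to (.60 and .61 are builds of the same release).
FIXED = (125, 0, 6422, 60)
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")

def parse_version(text):
    """Return the first four-part version found in text as a tuple of ints, or None."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None

def classify(version_text):
    """Return 'patched', 'outdated' or 'unknown' for one reported Chrome version."""
    v = parse_version(version_text)
    if v is None:
        return "unknown"
    if v[1:] == (0, 0, 0):
        # Reduced User-Agent strings report MAJOR.0.0.0, so only the major
        # version can be trusted; the same major as the fix is undecidable.
        if v[0] == FIXED[0]:
            return "unknown"
        return "patched" if v[0] > FIXED[0] else "outdated"
    return "patched" if v >= FIXED else "outdated"

def audit(lines):
    """Map host -> classification for 'host,version text' inventory lines."""
    results = {}
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, _, version_text = line.partition(",")
        results[host.strip()] = classify(version_text)
    return results

# Constructed sample inventory (hostnames and versions are illustrative).
SAMPLE = """\
# host,reported version
ws-01,Google Chrome 124.0.6367.207
ws-02,Google Chrome 125.0.6422.60
ws-03,Google Chrome 125.0.6422.41
ws-04,Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
ws-05,not installed
"""

if __name__ == "__main__":
    for host, status in audit(SAMPLE.splitlines()).items():
        print(f"{host}: {status}")
```

Hosts that come back as "unknown" need the full version from the endpoint itself (for example the browser's About page or software inventory) rather than from web logs.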

Via BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
