Lazarus hackers exploited a now-fixed Google Chrome bug in a scheme that infected victims with malware immediately upon visiting a game’s website and swiped their crypto.
North Korean hackers in the Lazarus group have infected PCs with « Manuscrypt » malware via a malicious website that uses the Chrome browser to promote a supposed « play and earn » NFT game, according to a report from Russian cybersecurity firm Kaspersky.
The attacks used a zero-day Chrome exploit to conduct remote code execution (RCE), infecting the victim’s device when the website loaded. The researchers who discovered the exploit in May told Google that only a « limited number » of attacks were actually conducted, including a person’s computer in Russia. Google then released a fix for the type confusion bug enabling the attacks.
The fake game, called DeTankZone, promised to let players drive NFT tanks to battle others and earn « rewards », presumably cryptocurrency or other NFTs.
