Lazarus hackers exploited a now-fixed Google Chrome bug in a scheme that infected victims with malware immediately upon visiting a game’s website and swiped their crypto.
North Korean hackers in the Lazarus group have infected PCs with «Manuscrypt» malware via a malicious website that uses the Chrome browser to promote a supposed «play and earn» NFT game, according to a report from Russian cybersecurity firm Kaspersky.
The attacks used a zero-day Chrome exploit to conduct remote code execution (RCE), infecting the victim’s device when the website loaded. The researchers who discovered the exploit in May told Google that only a «limited number» of attacks were actually conducted, including a person’s computer in Russia. Google then released a fix for the type confusion bug enabling the attacks.
The fake game, called DeTankZone, promised to let players drive NFT tanks to battle others and earn «rewards», presumably cryptocurrency or other NFTs.
