The notorious Lazarus Group, linked to North Korea, has launched a sophisticated cyber attack aimed at cryptocurrency investors. This campaign, revealed by researchers at Kaspersky, has exposed how these hackers used social engineering tactics to lure unsuspecting victims into a fake NFT game.

The Fake Game: DeTankZone

The scam revolves around a counterfeit multiplayer online battle arena game called “DeTankZone.” Since its inception in February 2024, the website promoting the game appeared legitimate, complete with polished graphics, a downloadable trial version, and enticing marketing efforts.

Underneath the appealing exterior, the hackers took advantage of a serious flaw in Google Chrome, known as CVE-2024-4947. This vulnerability allowed them to create a hidden script that could gain control of the victim’s computer. Once compromised, attackers could access sensitive information such as cookies, saved passwords, and banking details. Kaspersky noted that this exploit could bypass Chrome’s security measures, enabling remote control and paving the way for additional malicious activities.

The Role of Social Engineering

To enhance their deception, the Lazarus Group employed advanced social engineering techniques. They used platforms like X and LinkedIn to pose as credible blockchain companies or game developers looking for investments. By crafting convincing emails and messages, they made their schemes appear even more trustworthy, successfully targeting potential investors.

Interestingly, this scam is not isolated. It appears that the Lazarus Group may have repurposed code from a legitimate game called DeFiTankLand, which suffered a security breach earlier this year that resulted in the theft of $20,000 in cryptocurrency. This raises concerns about insider threats, as it suggests a connection between the original theft and the current deceptive campaign.

The Lazarus Group’s latest scam highlights the ongoing risks that cryptocurrency investors face. By leveraging social engineering and exploiting security vulnerabilities, these hackers continue to find new ways to deceive and steal from unsuspecting individuals. Awareness and caution remain crucial in navigating the ever-evolving landscape of digital threats.