TechRadar
Sead Fadilpašić

North Korean hackers use fake game to hack Google Chrome security flaw


The notorious Lazarus cybercrime gang has been found targeting cryptocurrency users with a “stolen” computer game to attract potential victims.

For those unfamiliar with Lazarus, it is a North Korean state-sponsored hacking collective known for targeting cryptocurrency companies and users. It has been responsible for some of the biggest crypto heists in history, with the money allegedly going into the country’s government and weapons program.

Cybersecurity researchers from Kaspersky recently found a new campaign that uses a fake game to lure people to a website. Lazarus uses the website to exploit two vulnerabilities in the Chrome browser, and ultimately steal sensitive data from the device.

Cookies, tokens, and more

Kaspersky explained that the crooks took a DeFi (decentralized finance) game known as DeFiTankLand and simply rebranded it as DeTankZone. Users who visit the impersonated site and try to download the game will get a defunct product that doesn’t work past the login/registration screen. However, while they are visiting the website, a hidden script (index.tsx) will trigger an exploit for a type confusion vulnerability tracked as CVE-2024-4947.

This vulnerability was discovered in V8, Chrome’s JavaScript engine. When exploited, it corrupts and overwrites the browser’s memory, granting the crooks access to the address space of Chrome’s process. That, in turn, allows them to grab cookies, authentication tokens, browsing history, and saved passwords.

Because Chrome’s V8 runs in a sandbox, and JavaScript execution is isolated from the rest of the system, Lazarus used a second, different vulnerability for remote code execution, Kaspersky said.

The researchers spotted the flaw in mid-May 2024, and Google came back with a fix two weeks later, on May 25. Cryptocurrency lovers who want to remain secure from Lazarus should update their Chrome browsers to at least version 125.0.6422.60/.61. It was concluded that Lazarus has been operating this campaign since February.

Via BleepingComputer
