In a new wave of cyberattacks targeting cryptocurrency enthusiasts, North Korea’s infamous Lazarus Group has created an elaborate scheme using a fake NFT-based game. This scam highlights the increasing sophistication of cybercriminals in the crypto space, combining social engineering with advanced malware to infiltrate victims’ systems. The fraudulent campaign, uncovered by Kaspersky researchers, reveals new tactics aimed at tricking investors.
The DeTankZone Scam: A Dangerous New Front in Crypto Attacks
The Lazarus Group’s latest operation involves a fake NFT game called “DeTankZone,” which was launched with polished marketing, downloadable trials, and social media promotions. By posing as an innovative multiplayer battle game with DeFi and NFT elements, the hackers created a credible facade to lure unsuspecting victims.
The scam capitalized on platforms like X (formerly Twitter) and LinkedIn, where the group posed as blockchain companies or game developers seeking investments. Through targeted emails and social media messages, they convinced investors and gamers to download their malicious software.
Exploiting Chrome’s Vulnerability: CVE-2024-4947
The hackers exploited a zero-day vulnerability in Google Chrome—identified as CVE-2024-4947—to execute their attack. This flaw allowed them to bypass the browser’s V8 sandbox, gaining remote access to the victim’s system. Once compromised, they extracted sensitive data, including:
Cookies and saved passwords
Banking information and crypto wallets
Personal financial records
This remote code execution could also open the door for future attacks, leaving affected systems vulnerable even after the initial breach.
Manuscrypt Malware: A Well-Executed Threat
The scam came to light in February 2024, when Kaspersky detected a new variant of Manuscrypt malware on a Russian user’s device. Manuscrypt, which is frequently associated with Lazarus Group, allows attackers to spy on victims and exfiltrate critical data.
Interestingly, the attackers repurposed code from a legitimate game called DeFiTankLand, which itself suffered a $20,000 cryptocurrency theft earlier this year. This overlap raises insider threat concerns, suggesting that Lazarus Group might have been behind both the initial theft and the development of the fake DeTankZone game.
How Lazarus Group Exploits Social Engineering
The Lazarus Group’s use of social engineering techniques plays a crucial role in their success:
Targeted Messaging on X and LinkedIn: Hackers posed as blockchain companies or gaming projects to reach crypto investors.
Fake Business Deals: They offered investment opportunities and partnerships to gain trust.
Convincing Marketing: The fake game website featured professional graphics and convincing gameplay elements, making it difficult to detect the scam.
Protect Yourself: Tips for Crypto Investors and Gamers
Update Browsers and Software: Regularly update your browser to close security gaps like the CVE-2024-4947 vulnerability.
Beware of Suspicious Links: Avoid clicking on unsolicited links from unknown contacts, especially on social platforms.
Research Thoroughly: Verify the legitimacy of NFT projects and companies before making any investments.
Use Security Tools: Employ antivirus solutions like Kaspersky to detect and block malware.
Separate Wallets: Use different wallets for daily use and long-term storage of crypto assets.
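The first tip is only useful if you can actually tell which machines are still running a Chrome build older than the one that closed CVE-2024-4947. The following Python script is an added example, not code from the article or from Kaspersky: it parses Chrome’s four-part version strings, compares them numerically (a plain string comparison would rank "9.0.0.0" above "100.0.0.0"), and reports every host in a small constructed inventory as patched, vulnerable, or unknown. The fixed build number is a placeholder; the article does not state it, so take the real value from Google’s Chrome release notes before running this against a fleet.

```python
import re
from typing import Dict, Optional, Tuple

Version = Tuple[int, int, int, int]

# Chrome reports versions as MAJOR.MINOR.BUILD.PATCH, e.g. "124.0.6367.208".
_VERSION_RE = re.compile(r"^\d+\.\d+\.\d+\.\d+$")

# PLACEHOLDER (constructed, not the real fixed build): replace with the first
# Chrome release that Google lists as fixing CVE-2024-4947.
PLACEHOLDER_FIXED_VERSION = "100.0.0.0"

# Constructed sample inventory: hostnames and versions are made up.
SAMPLE_INVENTORY: Dict[str, str] = {
    "ws-01": "99.0.4844.51",     # older than the placeholder fix
    "ws-02": "100.0.4896.60",    # newer than the placeholder fix
    "ws-03": "100.0.0.0",        # exactly the placeholder fix
    "ws-04": "not installed",    # malformed entry, must not pass silently
    "ws-05": "9.0.0.0",          # would wrongly rank as newest if compared as text
}


def parse_version(text: str) -> Optional[Version]:
    """Parse a Chrome version string into a tuple of ints, or None if malformed.

    Returning None for anything that is not exactly four numeric parts means
    bad inventory data is surfaced as 'unknown' instead of being treated as
    up to date.
    """
    text = text.strip()
    if not _VERSION_RE.match(text):
        return None
    major, minor, build, patch = (int(part) for part in text.split("."))
    return (major, minor, build, patch)


def classify(installed: str, fixed: str) -> str:
    """Return 'patched', 'vulnerable' or 'unknown' for one installed version."""
    fixed_version = parse_version(fixed)
    if fixed_version is None:
        raise ValueError(f"fixed version is not a valid Chrome version: {fixed!r}")
    installed_version = parse_version(installed)
    if installed_version is None:
        return "unknown"
    # Tuple comparison is element-wise and numeric, so 9 < 100 as intended.
    return "patched" if installed_version >= fixed_version else "vulnerable"


def audit_inventory(inventory: Dict[str, str], fixed: str) -> Dict[str, str]:
    """Classify every host in the inventory against the fixed build."""
    return {host: classify(version, fixed) for host, version in inventory.items()}


def hosts_needing_attention(inventory: Dict[str, str], fixed: str) -> Dict[str, str]:
    """Only the hosts that are vulnerable or could not be assessed."""
    return {
        host: status
        for host, status in audit_inventory(inventory, fixed).items()
        if status != "patched"
    }


if __name__ == "__main__":
    for host, status in sorted(audit_inventory(SAMPLE_INVENTORY, PLACEHOLDER_FIXED_VERSION).items()):
        print(f"{host}: {status}")
```

Feed `audit_inventory` whatever your endpoint management tool exports (hostname to reported Chrome version) and treat both "vulnerable" and "unknown" as work items; a host whose version cannot be parsed is exactly the kind of gap that an attacker relying on an unpatched browser benefits from.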
FAQs
What is the Lazarus Group?
The Lazarus Group is a North Korean hacking organization known for high-profile cyberattacks, including bank heists and cryptocurrency thefts.
What is the DeTankZone NFT scam?
How did Lazarus Group exploit the Chrome vulnerability?
What makes this scam different from other attacks?
How can I protect myself from such scams?
Final Thoughts: Stay Vigilant in the NFT Space
This attack by the Lazarus Group underscores the importance of vigilance in the NFT and crypto space. With hackers deploying sophisticated tactics, including social engineering and malware, the need for secure practices and awareness has never been greater. Investors and gamers must remain cautious, ensuring they verify projects and avoid suspicious activities.
For more information on the vulnerability or to report suspicious activity, visit Kaspersky’s security page or the Chrome vulnerability database.