Hackers exploit zero-day flaw in Chrome during blockchain gaming

A North Korean hacker group, "Lazarus," has been using a zero-day flaw in Google Chrome to install spyware and steal cryptocurrency wallets through a blockchain-based game called DeTankZone or DeTankWar, which operates innocuously and utilizes NFTs as virtual tanks.

The vulnerability has been identified and a fix has been released, making it impossible to actively exploit.
The game's associated website removed the code exploiting the vulnerability promptly after it became publicly known.
Researchers from Kaspersky Labs were able to identify the flaw and report it to Google, leading to a fix being released.

The notorious hacker group known as “Lazarus,” associated with the North Korean government, has been exploiting a vulnerability in the Google Chrome browser to install spyware on victims’ systems through blockchain-based games. This group is taking advantage of a zero-day flaw, luring victims to a fake platform promising NFT-based gains on the blockchain. However, their real objective is to exploit this flaw to install spyware, steal cryptocurrency wallets, and potentially access sensitive data.

According to researchers from Kaspersky Labs, the game is being heavily promoted on social platforms like LinkedIn and X, and operates seemingly innocuously. Initially, users accessing the game would not notice any direct issues associated with it. Dubbed DeTankZone or DeTankWar, the game utilizes NFTs as “virtual tanks” for players to battle each other. The mere act of participating in the game is enough to enable a successful attack, even without downloading any content directly to the system.

The vulnerability targeted the Chrome browser’s V8 JavaScript engine, allowing remote commands to be sent directly to the system, potentially leading to malware installation and theft of sensitive data.

According to researchers, the game and its intentions were initially discovered in February by a Microsoft security expert. However, at that time, the exact format and attack vector were unknown.

Once the exploitation became publicly known, the game’s associated website removed the code exploiting the vulnerability even before Kaspersky Labs could verify it. However, evidence was found that helped identify the flaw, which was promptly reported to Google.

A fix for the vulnerability has since been released for Chrome and should already be present on the majority of systems, making it impossible to actively exploit. The disclosure of the flaw has now been made public since most systems are already updated, preventing any further exploitation.

About Our Team

Our team comprises industry insiders with extensive experience in computers, semiconductors, games, and consumer electronics. With decades of collective experience, we’re committed to delivering timely, accurate, and engaging news content to our readers.

Background Information

About Google:

Google, founded by Larry Page and Sergey Brin in 1998, is a multinational technology company known for its internet-related services and products. Initially for its search engine, Google has since expanded into various domains including online advertising, cloud computing, software development, and hardware devices. With its innovative approach, Google has introduced influential products such as Google Search, Android OS, Google Maps, and Google Drive. The company's commitment to research and development has led to advancements in artificial intelligence and machine learning.

Latest Articles about Google

About Microsoft:

Microsoft, founded by Bill Gates and Paul Allen in 1975 in Redmond, Washington, USA, is a technology giant known for its wide range of software products, including the Windows operating system, Office productivity suite, and cloud services like Azure. Microsoft also manufactures hardware, such as the Surface line of laptops and tablets, Xbox gaming consoles, and accessories.