Welcome to the Off-Shore Club

The #1 Social Engineering Project in the world since 2004 !

Important Notice:

āœ…UPGRADE YOUR ACCOUNT TODAY TO ACCESS ALL OFF-SHORE FORUMSāœ…

[New]Telegram Channel

In case our domain name changes, we advise you to subscribe to our new TG channel to always be aware of all events and updates -
https://t.me/rtmsechannel

OFF-SHORE Staff Announcement: 30% Bonus on ALL Wallet Deposit this week


For example, if you deposit $1000, your RTM Advertising Balance will be $1300 that can be used to purchase eligible products and service on forums or request withdrawal. The limit deposit to get the 30% bonus is $10,000 for a $3000 Marketplace wallet balance Bonus.

Deposit Now and claim 30% more balance ! - BTC/LTC/XMR


Always use a Mixer to keep Maximum anonimity ! - BTC to BTC or BTC to XMR

šŸš€ Crypto North Korean Hackers Used Fake NFT Game to Steal Wallet Credentials: Report

Gold

Gr@c3

Holy HOLDER
šŸš€ Crypto ā‚æOP Club
USDT(TRC-20)
$3,000.0
Reports have emerged that bad actors allegedly tied to North Koreaā€™s Lazarus Group executed a complex cyberattack that used a fake NFT-based game to exploit a zero-day vulnerability in Google Chrome.

According to the report, the vulnerability ultimately allowed the attackers to access peopleā€™s crypto wallets.

Exploiting Chromeā€™s Zero-Day Flaw​


Kaspersky Labs security analysts Boris Larin and Vasily Berdnikov wrote that the perpetrators cloned a blockchain game called DeTankZone and promoted it as a multiplayer online battle arena (MOBA) with play-to-earn (P2E) elements.

Per the experts, they then embedded a malicious code within the gameā€™s website, detankzone[.]com, infecting devices that interacted with it, even without any downloads.

The script exploited a critical bug in Chromeā€™s V8 JavaScript engine, letting it bypass sandbox protections and enabling remote code execution. This vulnerability allowed the suspected North Korean actors to install an advanced malware called Manuscrypt, which gave them control over the victimsā€™ systems.

Kaspersky reported the flaw to Google upon discovering it. The tech giant then addressed the issue with a security upgrade days later. However, the hackers had already capitalized on it, suggesting a broader impact on global users and businesses.

What Larin and his security team at Kaspersky found interesting was how the attackers adopted extensive social engineering tactics. They promoted the tainted game on X and LinkedIn by engaging well-known crypto influencers to distribute AI-generated marketing material for it.

The elaborate setup also included professionally done websites and premium LinkedIn accounts, which helped create an illusion of legitimacy that attracted unsuspecting players to the game.

Lazarus Groupā€™s Crypto Pursuits​


Surprisingly, the NFT game wasnā€™t just a shell; it was fully functional, with gameplay elements such as logos, heads-up displays, and 3D models.

However, anyone visiting the P2E titleā€™s malware-ridden website had their sensitive information, including wallet credentials, harvested, enabling Lazarus to execute large-scale crypto thefts.

The group has demonstrated a sustained interest in cryptocurrency over the years. In April, on-chain investigator ZachXBT connected them to more than 25 crypto hacks between 2020 and 2023, which bagged them more than $200 million.

Additionally, the U.S. Treasury Department has linked Lazarus to 2022ā€™s infamous Ronin Bridge hack, in which they reportedly stole over $600 million in ether (ETH) and USD Coin (USDC).

Data collected by 21Sharesā€™ parent company 21.co in September 2023 revealed that the criminal group held more than $47 million in assorted cryptocurrencies, including Bitcoin (BTC), Binance Coin (BNB), Avalanche (AVAX), and Polygon (MATIC).

In total, they are said to have stolen digital assets worth more than $3 billion between 2017 and 2023.

The post North Korean Hackers Used Fake NFT Game to Steal Wallet Credentials: Report appeared first on CryptoPotato.
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Friendly Disclaimer We do not host or store any files on our website except thread messages, most likely your DMCA content is being hosted on a third-party website and you need to contact them. Representatives of this site ("service") are not responsible for any content created by users and for accounts. The materials presented express only the opinions of their authors.
šŸšØ Do not get Ripped Off ! āš–ļø Deal with approved sellers or use RTM Escrow on Telegram
Gold
Mitalk.lat official Off Shore Club Chat


Gold

Panel Title #1

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.

Panel Title #2

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.
Top