Cybercriminals have launched an attack on crypto gaming enthusiasts by using a zero-day vulnerability in Google Chrome and planting a backdoor on an individual's personal computer via a fake games website.
The attack targeted DeTankZone, a game based on the original game DeFiTankLand, with the attackers creating almost identical social media accounts and boosting their follower counts through a full promotion campaign.
The victim was led to believe that they were playing a beta version of the game and was asked to enter their email address and password to log in, giving the attackers complete access to their system.
Kaspersky detected the Manuscrypt backdoor and the exploit, and Google later blocked the game's website and released a browser update.
The Lazarus APT group has been using various versions of the backdoor since at least 2013 to target large organizations such as banks, IT companies, universities, and government agencies.
The group has also used generative AI to launch attacks, and Kaspersky advises internet users to ensure their devices are protected and to stay informed about the latest scams.
As the attack demonstrated, seemingly harmless web links can result in cybercriminals taking full control of a user's system, with more sophisticated attacks expected to involve AI in the future.
The attackers stole elements of DeFiTankLand's source code and created fake social media accounts for their counterfeit.
The fake game was promoted through phishing emails and offers to hundreds of cryptocurrency influencers.
Kaspersky discovered the connection elements responsible for the game server, which was non-functional, and replaced the hackers' server with its own in order to play DeTankZone.