North Korean hackers, part of the notorious Lazarus group, deployed malware through a fake NFT game called “DeTankZone,” using a zero-day Chrome exploit to execute remote code on victims’ devices.
According to cybersecurity firm Kaspersky, the malicious website appeared to offer a “play-to-earn” experience, allowing players to earn cryptocurrency by battling with NFT tanks. However, the site was a cover for an attack that used the “Manuscrypt” malware to compromise victims’ systems.
The attackers utilized repurposed social media accounts, such as @collectspin and @DeTankZone, to promote the fake game and lure unsuspecting users into contacting them.
Google patched the exploited vulnerability after being alerted in May, and only a limited number of attacks were reported. The game’s website even hosted a real Unity-based game stolen from DeFiTankLand, adding to its deceptive allure.
Despite the polished front, those who engaged with DeTankZone only ended up with compromised PCs and drained crypto wallets, as North Korean hackers continue targeting digital assets.