This information was shared by Kaspersky's Global Research and Analysis Team (GReAT) at the recent Security Analyst Summit (SAS) in Bali, Indonesia.
Kaspersky's researchers found that the Lazarus APT group had deployed the Manuscrypt malware in a sophisticated and methodical cyber attack campaign.
The campaign combines social engineering with AI-generated content, with the aim of deceiving cryptocurrency investors.
The Lazarus group is known for sophisticated attack campaigns that frequently exploit zero-day vulnerabilities (flaws unknown to the vendor, and therefore unpatched, at the time they are exploited) against cryptocurrency trading platforms.
In this campaign, Lazarus exploited two critical vulnerabilities in the popular Google Chrome browser. The first gave the attackers arbitrary code execution inside the browser; the second let them bypass Chrome's protective barriers and run malicious code on the victim's device.
The delivery vehicle was a fake website for an NFT-based tank video game, which invited players to take part in global matches; a visitor running a vulnerable Chrome was exposed to the exploit chain simply by browsing the site. To make the lure convincing, the group not only built a realistic game interface but also planned its promotion carefully.
They created accounts on X (formerly Twitter) and LinkedIn and promoted the game for months, using AI-generated images to give it life and credibility so that players would believe it was legitimate.
The group also approached influential figures in the cryptocurrency space, using their reach on social networks to widen the campaign. Not only did they use these people's likenesses to spread the malicious content, they also tried to directly attack the influencers' own cryptocurrency accounts.
Shortly after the attackers launched the fake version, the developer of the original game reported losing $20,000 in cryptocurrency. Notably, the fake game was almost identical to the original, differing only in logo placement and image quality.
A close analysis of the source code led the researchers to conclude that Lazarus had invested considerable effort in producing a near-perfect copy.
By stealing the original source code and swapping out the logo and other identifying elements, the attackers produced a fake that users could hardly distinguish from the real game, which made the targeted attack far more effective.