Geeks for your information Security Security Vendors Kaspersky Kaspersky Security Blog v
How (not) to play tanks and catch a backdoor
How (not) to play tanks and catch a backdoor
harlan4096 Online
MalWare Zoo Team
*******
Posts: 13,650
Threads: 9,190
Thanks Received: 8,903 in 7,059 posts
Thanks Given: 9,584
Joined: 12 September 18
#1
Bug  08 November 24, 17:59
Quote:Cybercriminals have devised a new ruse: luring gamers to a modish crypto tank-game to gain full access to their computers.
 
[Image: how-to-play-tanks-and-catch-backdoor-FEATURED.jpg]

Battle City, colloquially known as “that tank game”, is a symbol of a bygone era. Some 30 years ago, gamers would pop a cartridge into their console, settle in front of a bulky TV, and obliterate waves of enemy tanks until the screen gave out.

Today, the world’s a different place, but tank games remain popular. Modern iterations offer gamers not just the thrill of gameplay but also the chance to earn NFTs. Cybercriminals too have something to offer: a sophisticated attack targeting crypto-gaming enthusiasts.

Backdoor and zero-day exploit in Google Chrome

This story begins in February 2024, when our security solution detected the Manuscrypt backdoor on a user’s computer in Russia. We’re very familiar with this backdoor; various versions of it have been used by the Lazarus APT group since at least 2013. So, given we already know the main tool and methods used by the attackers — what’s so special about this particular incident?

The thing is that these hackers typically target large organizations like banks, IT companies, universities, and even government agencies. But this time, Lazarus hit an individual user, planting a backdoor on a personal computer! The cybercriminals lured the victim to a game site and thereby gained complete access to their system. Three things made this possible:
  • The victim’s irresistible desire to play their favorite tank game in a new format
  • A zero-day vulnerability in Google Chrome
  • An exploit that allowed remote code execution in the Google Chrome process
Before you start to worry, relax: Google has since released a browser update, blocked the tank game’s website, and thanked the Kaspersky security researchers.

But just in case, our products detect both the Manuscrypt backdoor and the exploit. We’ve delved into the details of this story on the Securelist blog.

Fake accounts

At the start of the investigation, we thought the group had gone to extraordinary lengths this time: “Did they actually create an entire game just for a scam?” But we soon worked out what they’d really done. The cybercriminals based their game — DeTankZone — on the existing game DeFiTankLand. They really went all out, stealing the source code of DeFiTankLand and creating fake social media accounts for their counterfeit.

Continue Reading...
Find
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:

[-]
Recent Posts
Brave 1.73.91
Release Channel 1....harlan4096 — 10:11
AdGuard Browser Extension 5.0.169 (MV3)
AdGuard Browser Ex...harlan4096 — 10:10
uBOLite_2024.11.20.858
uBOLite_2024.11.20...harlan4096 — 10:09
CrystalDiskInfo 9.5.0 [2024/11/20]
9.5.0 ​ Added D...harlan4096 — 10:08
RogueKiller 15.19.2
V15.19.2 11/06/202...harlan4096 — 10:07

[-]
Birthdays
Today's Birthdays
No birthdays today.
Upcoming Birthdays
avatar (56)Stefanos

[-]
Online Staff
harlan4096's profile harlan4096
Administrator

>