Cybercriminals Use Tank Game Scam to Gain Remote Access
Cybercriminals have devised a scheme involving a crypto-themed tank game to gain full access to players' computers. Modern tank games now offer NFT rewards, attracting both gamers and malicious actors. In February 2024, Kaspersky’s security systems detected the Manuscrypt backdoor on a personal computer in Russia, an unusual target for the Lazarus APT group, which typically focuses on larger entities like banks and universities. Lazarus exploited a user’s interest in playing a new tank game, leveraging a zero-day Chrome vulnerability and an exploit for remote code execution to install the backdoor. Google has since patched the browser and blocked the site, and Kaspersky products now detect the exploit and backdoor.

The attackers based their counterfeit game, DeTankZone, on DeFiTankLand, stealing its source code and setting up fake social media accounts to promote their version. The campaign included phishing emails and offers to influencers, resulting in greater visibility for the fake game than for the original. The game server was non-functional in the malicious version; Kaspersky’s investigation revealed the code connections, and its researchers replaced the server to test the game safely.

This incident underscores that even benign-looking game links can lead to serious security threats. Users should remain vigilant, keep software updated, and rely on trusted security solutions to stay protected.