Lazarus APT steals cryptocurrency and user data via a decoy MOBA game

Oct. 23, 2024, 1:19 p.m.

Description

Lazarus APT launched a sophisticated attack campaign using a decoy MOBA game website to exploit a zero-day vulnerability in Google Chrome. The exploit allowed remote code execution and bypassed the V8 sandbox. The attackers used social engineering tactics on social media to promote the fake game, which was actually stolen from legitimate developers. The campaign aimed to steal cryptocurrency and user data. Lazarus demonstrated advanced techniques, including using generative AI for content creation and exploiting newly introduced browser features. The attack highlights the ongoing threat to the cryptocurrency industry and the need for enhanced security measures against evolving APT tactics.

Date

  • Created: Oct. 23, 2024, 11:07 a.m.
  • Published: Oct. 23, 2024, 11:07 a.m.
  • Modified: Oct. 23, 2024, 1:19 p.m.

Indicators

  • 59a37d7d2bf4cffe31407edd286a811d9600b68fe757829e30da4394ab65a4cc
  • 7353ab9670133468081305bd442f7691cf2f2c1136f09d9508400546c417833a

Attack Patterns

Additional Information

  • Technology
  • Finance

Linked vulnerabilities