Lazarus APT steals cryptocurrency and user data via a decoy MOBA game

Oct. 23, 2024, 1:19 p.m.

Description

Lazarus APT launched a sophisticated attack campaign using a decoy MOBA game website to exploit a zero-day vulnerability in Google Chrome. The exploit allowed remote code execution and bypassed the V8 sandbox. The attackers used social engineering tactics on social media to promote the fake game, which was actually stolen from legitimate developers. The campaign aimed to steal cryptocurrency and user data. Lazarus demonstrated advanced techniques, including using generative AI for content creation and exploiting newly introduced browser features. The attack highlights the ongoing threat to the cryptocurrency industry and the need for enhanced security measures against evolving APT tactics.

Date

Published: Oct. 23, 2024, 11:07 a.m.

Created: Oct. 23, 2024, 11:07 a.m.

Modified: Oct. 23, 2024, 1:19 p.m.

Indicators

59a37d7d2bf4cffe31407edd286a811d9600b68fe757829e30da4394ab65a4cc

7353ab9670133468081305bd442f7691cf2f2c1136f09d9508400546c417833a

Attack Patterns

Manuscrypt

Lazarus

T1608.004

T1588.001

T1583.001

T1588.004

T1608.001

T1588.002

T1211

T1204.001

T1566

T1190

T1068

T1059

CVE-2024-4947

Additional Information

Technology

Finance