Lazarus APT steals cryptocurrency and user data via a decoy MOBA game

NetmanageIT OpenCTI - opencti.netmanageit.com


SUMMARY:

Lazarus APT launched a sophisticated attack campaign using a decoy MOBA game website to exploit a zero-day vulnerability in Google Chrome. The exploit allowed remote code execution and bypassed the V8 sandbox. The attackers used social engineering tactics on social media to promote the fake game, which was actually stolen from legitimate developers. The campaign aimed to steal cryptocurrency and user data. Lazarus demonstrated advanced techniques, including using generative AI for content creation and exploiting newly introduced browser features. The attack highlights the ongoing threat to the cryptocurrency industry and the need for enhanced security measures against evolving APT tactics.

OPENCTI LABELS:

apt, google chrome, social engineering, exploit, zero-day, cryptocurrency, manuscrypt, cve-2024-4947, game, v8 sandbox

