216.73.217.86

Lazarus APT steals cryptocurrency and user data via a decoy MOBA game

· Published 23/10/2024 11:07 · Modified 23/10/2024 13:19

Export JSON

Essential information

Published
23/10/2024 11:07
Modified
23/10/2024 13:19
Tags
2024-10-23 CVE-2024-4947 apt cryptocurrency exploit game google chrome manuscrypt social engineering v8 sandbox zero-day
Related entities
1 vulnerabilities (cve), 2 observables, 1 intrusion sets (apt), 12 techniques (mitre), 1 malware, 2 others

Description

Lazarus launched a sophisticated attack campaign using a decoy MOBA website to a vulnerability in . The allowed remote code execution and bypassed the . The attackers used tactics on social media to promote the fake , which was actually stolen from legitimate developers. The campaign aimed to steal and user data. Lazarus demonstrated advanced techniques, including using generative AI for content creation and exploiting newly introduced browser features. The attack highlights the ongoing threat to the industry and the need for enhanced security measures against evolving tactics.

External references