Boris Larin

Boris is a renowned expert in the fields of threat hunting and software reverse engineering. He works as a Principal Security Researcher in GReAT at Kaspersky. He has discovered and investigated a number of high-profile APT attacks (e.g. Operation Triangulation - the famous attack on iOS devices) and reported two dozen zero-day exploits. While working at Kaspersky, Boris has presented his work at a large number of conferences: CanSecWest, SAS, BlueHat, TyphoonCon, CodeBlue, Chaos Communication Congress, OffensiveCon, and many others.


Session

06-25
16:45
60min
The Crypto Game of North Korea: Stealing Money with Chrome 0-days
Boris Larin

In May 2024, we discovered a sophisticated malware campaign by North Korean hackers that exploited zero-day vulnerabilities in Google Chrome to attack companies and individuals associated with the cryptocurrency industry. In short, the attackers' plan was to lure the victims from the targeted group to a malicious website, silently attack their web browsers, install malware, and ultimately steal personal information and money. North Korean hackers are known to use this style of targeted attack; they have carried out a couple of similar campaigns in the past, but their methods are constantly improving, and they are always coming up with something new that sometimes really impresses us. So, for this campaign, they developed a very elegant and reliable Google Chrome exploit that allowed them to achieve RCE and break out of the V8 sandbox using a chain of two logical vulnerabilities. What's more, this time the attackers came up with a crazy social engineering tactic to lure victims to the malicious site - they built their own online game and used it as bait, promoting it for months through social media!

Defense & Management
Track 1