North Korea's infamous Lazarus Group has launched an elaborate campaign targeting cryptocurrency users worldwide, employing tactics such as a fake game website, Chrome zero-day vulnerabilities, AI-generated images, and professional LinkedIn accounts. The campaign, discovered by Kaspersky in February, lures users into downloading malware through a well-designed NFT-based tank game site called Detankzone. Lazarus used stolen game code and exploited two Chrome vulnerabilities, one of which (CVE-2024-4947) was unknown until Kaspersky reported it to Google. The group's use of social engineering, including fake social media accounts and collaboration with cryptocurrency influencers, is designed to build trust and steal from users. Analysts believe these attacks are part of Lazarus' effort to fund North Korea's missile program.