Cyberattacks

Lazarus Hackers Use Suspected Chrome Zero-Day to Deploy Triple RAT Attack

Lazarus group exploits Chrome zero-day to target crypto firms with a three-stage malware attack, leading to significant DeFi disruptions.

By Content Team

Sep 2, 2025

ON THIS PAGE

Share

---

ON THIS PAGE

Want more insights like this?

Subscribe to our newsletter to get the latest software protection strategies delivered to your inbox.

By submitting your email, you consent to Codekeeper contacting you and agree to our privacy policy.

A sophisticated Lazarus subgroup is targeting financial and crypto organizations with a three-stage malware attack that may exploit a Chrome zero-day vulnerability. The hackers pose as legitimate trading firm employees on Telegram, luring victims to fake meeting sites like counterfeit Calendly portals.

Once compromised, attackers deploy PondRAT as an initial loader, followed by the memory-resident ThemeForestRAT for stealth operations. After months of reconnaissance, they install RemotePE RAT for long-term access. The malware enables file manipulation, credential theft, and secure data exfiltration.

DeFi organizations have reported significant disruptions from these hidden backdoors. The attack chain uses advanced techniques including phantom DLL hijacking and rolling XOR encryption to evade detection, catching many security teams off guard despite known Lazarus activity.

Source: Cybersecurity News

Share this article

Have questions about protecting your software?

Our escrow experts are standing by to help.

Book a free demo

YOU MAY ALSO LIKE

Adobe Rushes Emergency Patch for Acrobat Reader Zero-Day Under Active Attack

Apr 13, 2026

Denmark Accuses Russia of Cyberattacks on Water Systems and Election Websites

Dec 21, 2025

Google's Vertex AI Default Settings Allow Privilege Escalation Attacks

Jan 18, 2026

Critical Net-SNMP Flaw Threatens Network Infrastructure Worldwide

Dec 25, 2025