Lazarus APT steals cryptocurrency and user data via a decoy MOBA game

2024-10-23 Kaspersky

https://securelist.com/lazarus-apt-steals-crypto-with-a-tank-game/114282/

Kaspersky traced a Manuscrypt infection on a Russian user's PC to Lazarus activity delivered through detankzone[.]com, a fake DeFi NFT MOBA tank-game site. Visiting the site triggered hidden JavaScript that exploited a Google Chrome zero-day to gain remote code execution, with the game download serving only as a distraction. The exploit chain combined CVE-2024-4947, a bug in Chrome's V8 Maglev compiler, with a second step that bypassed the V8 sandbox, giving the attackers control of the victim system. Google patched the issue after disclosure and blocked campaign-related sites; Microsoft separately tracked related North Korean activity under the name Moonstone Sleet but did not initially identify the browser zero-day component.

Indicators of Compromise

Type Value First Seen Last Seen
DOMAIN detankzone.com 2024-10-23 2025-08-25
DOMAIN api.detankzone.com 2024-10-23 2025-08-25
DOMAIN ccwaterfall.com 2024-05-28 2024-10-24
HASH 7f28ad5ee9966410b15ca85b7facb70… 2024-10-23 2024-10-23
HASH b2dc7aec2c6d2ffa28219ac288e4750c 2024-10-23 2024-10-23
HASH e5da4ab6366c5690dfd1bb386c7fe0c… 2024-10-23 2024-10-23
HASH 8312e556c4eec999204368d69ba91bf4 2024-10-23 2024-10-23
HASH 59a37d7d2bf4cffe31407edd286a811… 2024-10-23 2024-10-23
HASH 7353ab9670133468081305bd442f769… 2024-10-23 2024-10-23
