Summary of the Threat

Threat Actor: Lazarus Group (APT38) [1].

Decoy Content: Poker Stratigy.7z. While the filename suggests a guide on poker tactics, the archive is actually designed to deliver malware to specific targets, often in the cryptocurrency or online gambling sectors [2, 3].

Targets: Professionals in decentralized finance (DeFi), cryptocurrency exchanges, and gambling platforms [2].

Delivery: Spear-phishing via platforms like LinkedIn or Telegram, where recruiters or "peers" share the archive under the guise of a professional resource or an industry-related tool [1, 3]. Unsolicited files are sent via social media or messaging apps from accounts posing as recruiters or industry experts [1].

Evasion: Use of .7z or .rar archives protected by a password (provided in the chat/email) to bypass email gateway scanners [3].

Technical Breakdown of the Attack Chain

Execution: When the user runs the "poker" application, the legitimate program automatically loads the malicious DLL from the same directory, a technique called DLL Side-Loading [2].

Objectives: To harvest browser credentials, session cookies, and cryptocurrency private keys [1, 3], and to give the attacker full control over the infected machine.