Lazarus Targets FinTech Engineers With MacOS Malware
The notorious North Korean APT known as Lazarus is using a fake job posting for Coinbase, a US company that operates a cryptocurrency exchange platform, in an espionage campaign targeting users of both Apple silicon and Intel-based Macs.
Hackers from the Lazarus group have been using a signed malicious executable for macOS to impersonate Coinbase and lure employees in the financial technology sector.
In particular, they are targeting workers at Web3 companies, although this specific social engineering campaign has so far been limited to malware for the Windows operating system.
Lazarus is exploiting the current popularity of the blockchain and cryptocurrency industry to target organisations and individuals using malicious macOS software identified by security researchers at ESET.
ESET has posted a series of tweets explaining the campaign and how the threat actor impersonates Coinbase.
The illegitimate job posting advertises an open engineering manager role for product security. The campaign has been dubbed Operation In(ter)ception by security researchers. Researchers found that the malicious executable drops three files: a decoy PDF document claiming to be from Coinbase, a bundle, and a downloader. The malware is similar to another sample found by ESET in May, which was also used in a similar campaign; however, the latest sample is dated July 21, meaning that it is most likely an updated version.
Lazarus is well known as one of the most prolific APTs with a record of large scale and damaging attacks, typically intended to steal large amounts of money to fund North Korea's faltering economy.
More recently, Lazarus has diversified its tactics, with US law enforcement agencies pointing the finger at Lazarus as being responsible for a number of cryptocurrency thefts. North Korean hacker groups have long been linked to attacks on cryptocurrency exchanges, as well as to phishing campaigns aiming to infect targets of interest.
Sources: @ESET, Threatpost, Oodaloop, Bleeping Computer, Hacker News