Lazarus Targets FinTech Engineers With MacOS Malware

The notorious North Korean APT known as Lazarus is using a fake job posting for Coinbase,  a US company that operates a crypto currency exchange platform in an  espionage campaign targeting users of Apple and Intel-based systems.

Hackers from the Lazarus group have been using a signed malicious executable for macOS to impersonate Coinbase to lure employees in the financial technology sector.

In particular, they are targeting workers at Web3 companies, although this specific social engineering campaign has so far been limited to malware for the Windows operating system.

Lazarus is exploiting the current popularity of the blockchain and crypto currency industry to target organisations and individuals using a malicious MacOS  exploit, identified by security researchers at ESET.  

ESET have posted a series of tweets explaining the campaign and how the threat actor impersonates Coinbase.

The illegitimate job posting advertises an open engineering manager role for product security. The campaign has been dubbed Operation In(ter)ception by security researchers. Researchers found that the malicious executable drops three files.  One is a decoy PDF document claiming to be from Coinbase, a bundle, and a downloader. The malware is similar to another sample that was found by ESET in May. This sample was also identified being used in a similar campaign; however, the latest sample is dated July 21, meaning that it is most likely an updated version.

Lazarus is well known as one of the most prolific APTs with a record of large scale and damaging attacks, typically intended to steal large amounts of money to fund North Korea's faltering economy.

More recently, Lazarus has diversified its tactics, with US law enforcement agonies pointing the finger at Lazarus as being responsible for a number of crypto currency thefts and North Korean hacker groups have long been linked to attacked on crypto currency exchanges s as well as in phishing campaigns aiming to infect targets of interest.

@ESET:     Threatpost:      Oodaloop:     Bleeping Computer:      Hacker News:

You Might Also Read: 

Coronvirus Phishing Campaign Targets Six Nations:

 

« Artificial Intelligence Can Improve Cyber Security
Ransomware Used Against Albania Linked To Iran »

ManageEngine
CyberSecurity Jobsite
Check Point

Directory of Suppliers

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Verisec International

Verisec International

Verisec International AB is a Swedish Tech company focused since inception in enabling Trust in Digital Transactions, through the development of proprietary cutting-edge technologies and services.

SecWest

SecWest

SecWest is the organizer of CanSecWest, PACSEC, originator of PWN2OWN, security auditing, and virtual engagement/training.

Ionic Security

Ionic Security

Ionic provide a high-assurance data protection and control platform built on strong encryption, fine-grain control and contextual analytics.

Luxar Tech

Luxar Tech

Luxar's network visibility products enable enterprises and service providers to monitor network traffic, improve security and optimize efficiency.

CSIRT Panama

CSIRT Panama

CSIRT Panama is the national Computer Incident Response Team for Panama.

SecureThings

SecureThings

SecureThings focus is to provide guidance and technology to secure connected vehicles in order to build end-to-end security for the automotive industry.

CyberWhite

CyberWhite

CyberWhite is a disruptive provider of cyber security and risk mitigation solutions.

Elevate Security

Elevate Security

Elevate is the leading Security Behavior Platform, changing employee security habits while giving security teams unprecedented visibility.

Maritime Cyber Threats Research Group - University of Plymouth

Maritime Cyber Threats Research Group - University of Plymouth

The Maritime Cyber Threats research group of the University of Plymouth is focused on investigating marine cyber threats and researching solutions.

NGN International

NGN International

NGN International is a full-fledged systems integrator and managed security services provider established in 2015 in Bahrain.

Seemplicity

Seemplicity

Seemplicity revolutionizes the way security teams work by automating, optimizing and scaling all risk reduction workflows in one workspace.

Resonance Security

Resonance Security

Resonance offers powerful cybersecurity aggregation software that makes protecting against full spectrum cybersecurity threats effortless no matter what your technical level, budget, or scope.

NinjaOne

NinjaOne

The NinjaOne Platform was built to help IT and MSP teams efficiently manage, patch, and support all endpoints.

DataTrails

DataTrails

DataTrails enables organizations to prove and verify the provenance and authenticity of any data they use in their business operations.

CertX

CertX

CertX is a Swiss functional safety, cybersecurity and artificial intelligence certification body.

Red Alpha Cybersecurity

Red Alpha Cybersecurity

At Red Alpha, we specialize in recruiting and rigorously training individuals passionate about cybersecurity.