Lazarus Targets FinTech Engineers With MacOS Malware

Uploaded on 2022-08-22 in TECHNOLOGY--Hackers, INTELLIGENCE-Hot Spots-North Korea, FREE TO VIEW

The notorious North Korean APT known as Lazarus is using a fake job posting for Coinbase,  a US company that operates a crypto currency exchange platform in an  espionage campaign targeting users of Apple and Intel-based systems.

Hackers from the Lazarus group have been using a signed malicious executable for macOS to impersonate Coinbase to lure employees in the financial technology sector.

In particular, they are targeting workers at Web3 companies, although this specific social engineering campaign has so far been limited to malware for the Windows operating system.

Lazarus is exploiting the current popularity of the blockchain and crypto currency industry to target organisations and individuals using a malicious MacOS  exploit, identified by security researchers at ESET.  

ESET have posted a series of tweets explaining the campaign and how the threat actor impersonates Coinbase.

The illegitimate job posting advertises an open engineering manager role for product security. The campaign has been dubbed Operation In(ter)ception by security researchers. Researchers found that the malicious executable drops three files.  One is a decoy PDF document claiming to be from Coinbase, a bundle, and a downloader. The malware is similar to another sample that was found by ESET in May. This sample was also identified being used in a similar campaign; however, the latest sample is dated July 21, meaning that it is most likely an updated version.

Lazarus is well known as one of the most prolific APTs with a record of large scale and damaging attacks, typically intended to steal large amounts of money to fund North Korea's faltering economy.

More recently, Lazarus has diversified its tactics, with US law enforcement agonies pointing the finger at Lazarus as being responsible for a number of crypto currency thefts and North Korean hacker groups have long been linked to attacked on crypto currency exchanges s as well as in phishing campaigns aiming to infect targets of interest.

@ESET:     Threatpost:      Oodaloop:     Bleeping Computer:      Hacker News:

You Might Also Read: 

Coronvirus Phishing Campaign Targets Six Nations:

 

« Artificial Intelligence Can Improve Cyber Security
Ransomware Used Against Albania Linked To Iran »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

WEBINAR: How To Build And Implement An Effective Endpoint Detection And Response Strategy

WEBINAR: How To Build And Implement An Effective Endpoint Detection And Response Strategy

Join this webinar to learn how the cloud threat landscape is evolving and organizations are deploying more advanced and capable security controls at scale.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

E-Tech Computing

E-Tech Computing

E-Tech has been providing system support and information technology consulting services including Internet and Network Security assessments.

NCC Group

NCC Group

NCC Group is a global cyber and software resilience business operating across multiple sectors, geographies and technologies.

CCN-CERT

CCN-CERT

CCN-CERT is the Spanish national government computer security incident response centre.

Redbud

Redbud

Redbud is a specialist search and recruitment firm for Information Security professionals.

IronScales

IronScales

IronScales combines human intelligence with machine learning to automatically prevent, detect and respond to email phishing attacks.

Cyber Future Foundation (CFF)

Cyber Future Foundation (CFF)

CFF was established to create a cyberspace where digital commerce and innovation can thrive based on trust and respect to individual privacy.

ProtonMail

ProtonMail

ProtonMail is an easy to use secure email service with built-in end-to-end encryption and state of the art security features.

KLDiscovery

KLDiscovery

KLDiscovery is a global leader in delivering best-in-class eDiscovery, information governance and data recovery solutions.

Austrian Trust Circle

Austrian Trust Circle

Austrian Trust Circle is an initiative of CERT.at and the Austrian Federal Chancellery and consists of Security Information Exchanges in the areas of the strategic information infrastructure.

CyberSure

CyberSure

CyberSure is a programme of collaborations and exchanges between researchers aimed at developing a framework for creating and managing cyber insurance policy for cyber systems.

Montimage

Montimage

Montimage develops tools for testing and monitoring networks, applications and services; in particular, for the verification of functional, performance (QoS/QoE) and security aspects.

GMV

GMV

GMV is a technological business group offering solutions, services and products in diverse sectors including Intelligent Transportation Systems, Cybersecurity, Telecoms and IT.

Cyber Pathways

Cyber Pathways

Cyber Pathways brings together the next generation of Cyber professionals along with delegates who are looking to cross train and enter the cyber market.

Argentra

Argentra

Argentra is a specialist engineering company, we have years of experience developing custom security software and providing security risk consulting.

Secret Intelligence Service (SIS - MI6)

Secret Intelligence Service (SIS - MI6)

The UK’s Secret Intelligence Service, also known as MI6, has three core aims: stopping terrorism, disrupting the activity of hostile states, and giving the UK a cyber advantage.

NASK

NASK

NASK is a National Research Institute under the supervision of the Chancellery of the Prime Minister of Poland. Our key activities involve ensuring security online.