Lazarus Targets FinTech Engineers With MacOS Malware

Uploaded on 2022-08-22 in TECHNOLOGY--Hackers, INTELLIGENCE-Hot Spots-North Korea, FREE TO VIEW

The notorious North Korean APT known as Lazarus is using a fake job posting for Coinbase,  a US company that operates a crypto currency exchange platform in an  espionage campaign targeting users of Apple and Intel-based systems.

Hackers from the Lazarus group have been using a signed malicious executable for macOS to impersonate Coinbase to lure employees in the financial technology sector.

In particular, they are targeting workers at Web3 companies, although this specific social engineering campaign has so far been limited to malware for the Windows operating system.

Lazarus is exploiting the current popularity of the blockchain and crypto currency industry to target organisations and individuals using a malicious MacOS  exploit, identified by security researchers at ESET.  

ESET have posted a series of tweets explaining the campaign and how the threat actor impersonates Coinbase.

The illegitimate job posting advertises an open engineering manager role for product security. The campaign has been dubbed Operation In(ter)ception by security researchers. Researchers found that the malicious executable drops three files.  One is a decoy PDF document claiming to be from Coinbase, a bundle, and a downloader. The malware is similar to another sample that was found by ESET in May. This sample was also identified being used in a similar campaign; however, the latest sample is dated July 21, meaning that it is most likely an updated version.

Lazarus is well known as one of the most prolific APTs with a record of large scale and damaging attacks, typically intended to steal large amounts of money to fund North Korea's faltering economy.

More recently, Lazarus has diversified its tactics, with US law enforcement agonies pointing the finger at Lazarus as being responsible for a number of crypto currency thefts and North Korean hacker groups have long been linked to attacked on crypto currency exchanges s as well as in phishing campaigns aiming to infect targets of interest.

@ESET:     Threatpost:      Oodaloop:     Bleeping Computer:      Hacker News:

You Might Also Read: 

Coronvirus Phishing Campaign Targets Six Nations:

 

« Artificial Intelligence Can Improve Cyber Security
Ransomware Used Against Albania Linked To Iran »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Shavlik Protect

Shavlik Protect

Shavlik Protect is an easy-to-use security software solution that discovers missing patches and deploys them to the entire organization.

ACID Technologies

ACID Technologies

ACID provide a supplementary layer of protection by performing searches to detect potential threats and risks before actual attacks commence.

Sigma Payment Solutions

Sigma Payment Solutions

Sigma Payment Solutions offers a comprehensive suite of automated payment processing services, solutions, and technology to businesses in the USA.

NovaTech

NovaTech

NovaTech products and services make the world’s power grids and essential process industries more reliable, efficient, sustainable and secure.

Sliced Tech

Sliced Tech

Sliced Tech provides enterprise grade managed Cloud services, including Security-as-a-Services, aimed at meeting the needs of commercial and government clients from within Australia.

Berwick Partners

Berwick Partners

Berwick Partners’ Cyber Security Practice is a leading recruiter of senior management positions in this field; we have an exceptional understanding of the constantly changing Cyber landscape.

Vdoo

Vdoo

Vdoo provides an end-to-end product security platform for automating all software security tasks throughout the entire product lifecycle.

SevenShift

SevenShift

SevenShift is a security consulting firm with a wealth of experience in the worlds of Cybersecurity and Internet of Things (IoT).

Radically Open Security

Radically Open Security

Radically Open Security is the world's first not-for-profit computer security consultancy company.

Cyber NYC

Cyber NYC

Cyber NYC is a suite of strategic investments to grow New York City’s cybersecurity workforce, help companies drive innovation, and build networks and community spaces.

Global EPIC

Global EPIC

Global EPIC is an international cybersecurity initiative designed to combat growing world challenges by facilitating global collaboration in the field of cyber security.

Quantum Armor

Quantum Armor

Quantum Armor is a next-gen cyber security monitoring platform that allows you to continuously stay aware of your security posture, and proactively spot trends, vulnerabilities and potential attacks.

CyberHunter Solutions

CyberHunter Solutions

CyberHunter is a leading website security company that provides penetration testing, Network Vulnerability Assessments, cyber security consulting services to prevent cyber attacks.

RegScale

RegScale

RegScale helps organizations comply in real-time with multiple compliance requirements (NIST, CMMC, ISO, SOX, etc), scalable to meet the needs of the entire enterprise.

Credible Digital Security Pvt. Ltd. (CDSPL)

Credible Digital Security Pvt. Ltd. (CDSPL)

CDSPL is an innovative Cyber Security Services Company in India. We are committed to offering cyber security solutions for important sectors such as energy and utilities, healthcare, and more.

IDECSI

IDECSI

IDECSI delivers cutting-edge technology and engages all employees in the security system for effective and cost-efficient data protection.