Lazarus Targets FinTech Engineers With MacOS Malware

The notorious North Korean APT known as Lazarus is using a fake job posting for Coinbase,  a US company that operates a crypto currency exchange platform in an  espionage campaign targeting users of Apple and Intel-based systems.

Hackers from the Lazarus group have been using a signed malicious executable for macOS to impersonate Coinbase to lure employees in the financial technology sector.

In particular, they are targeting workers at Web3 companies, although this specific social engineering campaign has so far been limited to malware for the Windows operating system.

Lazarus is exploiting the current popularity of the blockchain and crypto currency industry to target organisations and individuals using a malicious MacOS  exploit, identified by security researchers at ESET.  

ESET have posted a series of tweets explaining the campaign and how the threat actor impersonates Coinbase.

The illegitimate job posting advertises an open engineering manager role for product security. The campaign has been dubbed Operation In(ter)ception by security researchers. Researchers found that the malicious executable drops three files.  One is a decoy PDF document claiming to be from Coinbase, a bundle, and a downloader. The malware is similar to another sample that was found by ESET in May. This sample was also identified being used in a similar campaign; however, the latest sample is dated July 21, meaning that it is most likely an updated version.

Lazarus is well known as one of the most prolific APTs with a record of large scale and damaging attacks, typically intended to steal large amounts of money to fund North Korea's faltering economy.

More recently, Lazarus has diversified its tactics, with US law enforcement agonies pointing the finger at Lazarus as being responsible for a number of crypto currency thefts and North Korean hacker groups have long been linked to attacked on crypto currency exchanges s as well as in phishing campaigns aiming to infect targets of interest.

@ESET:     Threatpost:      Oodaloop:     Bleeping Computer:      Hacker News:

You Might Also Read: 

Coronvirus Phishing Campaign Targets Six Nations:

 

« Artificial Intelligence Can Improve Cyber Security
Ransomware Used Against Albania Linked To Iran »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

WEBINAR: 2024 and Beyond: Top Six Cloud Security Trends

WEBINAR: 2024 and Beyond: Top Six Cloud Security Trends

April 4, 2024 | 11:00 AM PT: Join this webinar to find out about six emerging trends dominating the cloud cybersecurity landscape.

Secunet Security Networks

Secunet Security Networks

Secunet is a leading cyber security company offering a combination of consultancy and products, delivering the highest level of security for data, applications and digital identities.

Resilient Information Systems Security (RISS)

Resilient Information Systems Security (RISS)

RISS is a research group is in the Department of Computing at Imperial College London.

JLT Specialty

JLT Specialty

JLT Specialty is a leading specialist insurance broker. Services offered include Cyber Risks insurance.

Sysmosoft

Sysmosoft

Sysmosoft specializes in providing highly secured telecommunication solutions for mobile devices for companies requiring protected access to sensitive data remotely.

Payatu

Payatu

Payatu Technologies is a security testing and services company specialized in Software, Application and Infrastructure security assessments and deep technical security training.

Simility

Simility

Simility's multi-layered fraud detection solution uses superior machine learning & device intelligence technology to safeguard your online businesses.

Bureau Veritas

Bureau Veritas

Bureau Veritas are a world leader in Testing, Inspection and Certification. We provide certification and training services in areas including cybersecurity and data protection.

Recovery Point Systems

Recovery Point Systems

Recovery Point is a leading national provider of IT secure and compliant infrastructure and business resilience services.

Anitian

Anitian

The Anitian Compliance Automation platform builds, configures, and monitors cloud environments to accelerate compliance for standards such as FedRAMP, PCI, ISO/GDPR and CJIS.

Tehtris

Tehtris

TEHTRIS XDR Platform was developed to control and improve the IT security of private and public companies against advanced cyber threats such as cyber espionage or cyber sabotage activities.

Adlumin

Adlumin

Adlumin Inc. provides the enterprise-grade security operations platform and managed detection and response services that keep mid-market organizations secure.

OurCrowd

OurCrowd

OurCrowd is a leading equity crowdfunding platform for investing in global startups.

Intellias

Intellias

Intellias is a trusted technology partner to top-tier organizations and digital natives helping them accelerate their pace of sustainable digitalization.

LogicalTrust

LogicalTrust

LogicalTrust security testing specialists find the weakest points in your company and show you how to fix them step-by-step, as well as how to improve your security.

Cyberani Solutions

Cyberani Solutions

Cyberani Solutions was created to fulfill the cybersecurity needs of industry and government in Saudi Arabia, and across the Middle East and North Africa regions.

Trovent Security

Trovent Security

Trovent was founded with a clear goal: to support medium-sized companies in significantly increasing their IT security level.