Lazarus Targets FinTech Engineers With MacOS Malware

Uploaded on 2022-08-22 in TECHNOLOGY--Hackers, INTELLIGENCE-Hot Spots-North Korea, FREE TO VIEW

The notorious North Korean APT known as Lazarus is using a fake job posting for Coinbase,  a US company that operates a crypto currency exchange platform in an  espionage campaign targeting users of Apple and Intel-based systems.

Hackers from the Lazarus group have been using a signed malicious executable for macOS to impersonate Coinbase to lure employees in the financial technology sector.

In particular, they are targeting workers at Web3 companies, although this specific social engineering campaign has so far been limited to malware for the Windows operating system.

Lazarus is exploiting the current popularity of the blockchain and crypto currency industry to target organisations and individuals using a malicious MacOS  exploit, identified by security researchers at ESET.  

ESET have posted a series of tweets explaining the campaign and how the threat actor impersonates Coinbase.

The illegitimate job posting advertises an open engineering manager role for product security. The campaign has been dubbed Operation In(ter)ception by security researchers. Researchers found that the malicious executable drops three files.  One is a decoy PDF document claiming to be from Coinbase, a bundle, and a downloader. The malware is similar to another sample that was found by ESET in May. This sample was also identified being used in a similar campaign; however, the latest sample is dated July 21, meaning that it is most likely an updated version.

Lazarus is well known as one of the most prolific APTs with a record of large scale and damaging attacks, typically intended to steal large amounts of money to fund North Korea's faltering economy.

More recently, Lazarus has diversified its tactics, with US law enforcement agonies pointing the finger at Lazarus as being responsible for a number of crypto currency thefts and North Korean hacker groups have long been linked to attacked on crypto currency exchanges s as well as in phishing campaigns aiming to infect targets of interest.

@ESET:     Threatpost:      Oodaloop:     Bleeping Computer:      Hacker News:

You Might Also Read: 

Coronvirus Phishing Campaign Targets Six Nations:

 

« Artificial Intelligence Can Improve Cyber Security
Ransomware Used Against Albania Linked To Iran »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Ascentor

Ascentor

Ascentor specialises in independent information and cyber security consultancy. We’re experienced industry experts, providing cyber security services since 2004.

Atlantic Council

Atlantic Council

The Atlantic Council's Cyber Statecraft Initiative focuses on international cooperation, competition, and conflict in cyberspace.

DXC Technology

DXC Technology

DXC Technology helps global companies run their mission critical systems and operations while modernizing IT, optimizing data architectures, and ensuring security and scalability.

CryptoCodex

CryptoCodex

Cryptocodex has developed Counter-Fight, the most advanced, yet simple to implement, counterfeit detection system.

Zeneth Technology Partners

Zeneth Technology Partners

Zeneth is a consulting firm providing information technology and cybersecurity services to federal and commercial clients.

Renesas Electronics

Renesas Electronics

Renesas Electronics delivers trusted embedded design innovation with solutions that enable billions of connected, intelligent devices to enhance the way people work and live - securely and safely.

National Institute for Research & Development in Informatics (ICI Bucharest)

National Institute for Research & Development in Informatics (ICI Bucharest)

ICI Bucharest is the most important institute in the field of research, development and innovation in information and communication technology (ICT) in Romania.

stackArmor

stackArmor

stackArmor specializes in compliance and security-focused solutions delivered using our Agile Cloud Transformation (ACT) methodology.

Xscale Accelerator

Xscale Accelerator

Xscale's vision is to create world-class startups out of India by transforming sales and providing access to global markets.

Great American Insurance Group

Great American Insurance Group

Great American's Cyber Risk Division offers cyber solutions for small and medium-sized businesses.

Surfshark

Surfshark

Surfshark is a cybersecurity company focused on developing humanized privacy & security protection solutions to secure people's digital lives.

Roberts & Obradovic Law

Roberts & Obradovic Law

Roberts & Obradovic Law Group is a corporate, privacy, employment and litigation law firm.

The Cyber Scheme

The Cyber Scheme

The Cyber Scheme provides NCSC certified and assured assessments, training and career support for security testers & technical cyber professionals.

Cloud Software Group

Cloud Software Group

Cloud Software Group provides mission-critical software to enterprises at scale.

Intelidata Techedge Pvt. Ltd.

Intelidata Techedge Pvt. Ltd.

Intelidata are a Global Cyber Security Consultancy and Services firm that helps companies drive growth by minimizing risk and maximizing potential.

PureSoftware

PureSoftware

PureSoftware is a global software products and digital services company that is driving transformation for the world’s top organizations across various industry verticals.