Lazarus Targets FinTech Engineers With MacOS Malware

The notorious North Korean APT known as Lazarus is using a fake job posting for Coinbase,  a US company that operates a crypto currency exchange platform in an  espionage campaign targeting users of Apple and Intel-based systems.

Hackers from the Lazarus group have been using a signed malicious executable for macOS to impersonate Coinbase to lure employees in the financial technology sector.

In particular, they are targeting workers at Web3 companies, although this specific social engineering campaign has so far been limited to malware for the Windows operating system.

Lazarus is exploiting the current popularity of the blockchain and crypto currency industry to target organisations and individuals using a malicious MacOS  exploit, identified by security researchers at ESET.  

ESET have posted a series of tweets explaining the campaign and how the threat actor impersonates Coinbase.

The illegitimate job posting advertises an open engineering manager role for product security. The campaign has been dubbed Operation In(ter)ception by security researchers. Researchers found that the malicious executable drops three files.  One is a decoy PDF document claiming to be from Coinbase, a bundle, and a downloader. The malware is similar to another sample that was found by ESET in May. This sample was also identified being used in a similar campaign; however, the latest sample is dated July 21, meaning that it is most likely an updated version.

Lazarus is well known as one of the most prolific APTs with a record of large scale and damaging attacks, typically intended to steal large amounts of money to fund North Korea's faltering economy.

More recently, Lazarus has diversified its tactics, with US law enforcement agonies pointing the finger at Lazarus as being responsible for a number of crypto currency thefts and North Korean hacker groups have long been linked to attacked on crypto currency exchanges s as well as in phishing campaigns aiming to infect targets of interest.

@ESET:     Threatpost:      Oodaloop:     Bleeping Computer:      Hacker News:

You Might Also Read: 

Coronvirus Phishing Campaign Targets Six Nations:

 

« Artificial Intelligence Can Improve Cyber Security
Ransomware Used Against Albania Linked To Iran »

Quartz Conference
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Clayden Law

Clayden Law

Clayden Law are experts in information technology, data privacy and cybersecurity law.

Perimeter 81 / Zero Trust Network Access Guide

Perimeter 81 / Zero Trust Network Access Guide

Curious how you can Implement a Zero Trust roadmap with insights from Gartner? Download this free report for a limited time only.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Blue Solutions

Blue Solutions

Blue Solutions is a consultancy-led, accredited software distributor who provides IT solutions and support to small and medium enterprises.

Imprivata

Imprivata

Imprivata's authentication, access management and secure communications solutions for healthcare improve provider productivity for better focus on patient care.

Chatham House

Chatham House

Chatham House is an independent policy institute based in London. Topics cover foreign affairs and defence including cyber security.

Lloyd's

Lloyd's

As an insurance market, Lloyd’s can provide access to more than 65 expert cyber risk insurers in one place.

InfoArmor

InfoArmor

InfoArmor delivers information protection solutions, intelligence and investigative services to help businesses fight evolving online threats.

colCERT

colCERT

colCERT is the national Computer Emergency Response Team for Colombia.

ABL Cyber Academy

ABL Cyber Academy

ABL provide certified training courses in the field of cyber security and IT project management.

Crashtest Security

Crashtest Security

Crashtest Security is a cyber security company that helps digital companies to continuously create secure software with the help of automated vulnerability assessments.

Carbide

Carbide

Carbide (previously Securicy) breaks down enterprise-class security and privacy requirements and makes them accessible to, and achievable by, companies of all sizes.

CloudVector

CloudVector

CloudVector's API Detection & Response platform is the only API Threat Protection solution that goes beyond the gateway to provide Shadow API Prevention and Deep API Risk Monitoring and Remediation.

Bessemer Venture Partners (BVP)

Bessemer Venture Partners (BVP)

Bessemer Venture Partners was born from innovations that literally forged modern building and manufacturing. Today, our team of investors works with people who want to create revolutions of their own.

SpecterOps

SpecterOps

SpecterOps has unique insight into the cyber adversary mindset and brings the highest caliber, most experienced resources to assess your organizations defenses.

CYMOTIVE Technologies

CYMOTIVE Technologies

Combining Israeli cyber innovation with a century of German automotive engineering. CYMOTIVE operates under the assumption that connectivity is a game changer for the automotive industry.

Stratus Technologies

Stratus Technologies

Edge Computing solves the inherent challenges of bandwidth, latency, and security at edge locations to enable IIoT devices and data acquisition.

Appalachia Technologies

Appalachia Technologies

Appalachia is a full service Managed Services Provider with a focus on cybersecurity, backed by the best engineers.

RubinBrown

RubinBrown

RubinBrown LLP is a leading accounting and professional consulting firm. The RubinBrown name and reputation are synonymous with experience, integrity and value.