Latest Cyber Security News

You are here: Home / General Cyber Security News / Lazarus group targets macOS users with counterfeit crypto job offers
September 28, 2022

The infamous Lazarus team makes headlines again as the North Korean cybercrime syndicate appeared to mimic occupation features from ‘Crypto.com’ to steal cryptocurrency and NFTs from unsuspecting users.

Back in August 2022, Lazarus impersonated Coinbase and promoted destructive task provides to IT personnel to unfold Windows and macOS malware.

The cybercrime team is now masquerading job features from Crypto.com. The ongoing phishing campaign, by significantly, targets macOS consumers. For each stories, the malware is identical to that found in faux Coinbase occupation postings. 

✔ Approved From Our Partners
AOMEI Backupper Lifetime

Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.

Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).

➤ Activate Your Coupon Code


Akin to earlier macOS strategies, the Lazarus group approached its targets by means of LinkedIn to ship a macOS binary masked as a PDF containing a 26-web site PDF file named ‘Crypto.com_Work_Opportunities_2022_confidential.pdf’ comprising counterfeit work vacancies at Crypto.com.

“Consistent with observations in the earlier campaign, this PDF is made with MS Word 2016, PDF edition 1.5. The document creator is stated as ‘UChan’,” confirmed Sentinel One in a report.

“The to start with stage malware opens the PDF decoy doc and wipes the Terminal’s existing savedState.”

“The second phase in the Crypto.com variant is a bare-bones application bundle named ‘WifiAnalyticsServ.app’ this mirrors the identical architecture noticed in the Coinbase variant, which made use of a next stage referred to as ‘FinderFontsUpdater.app’,” discussed Sentinel A single.

Nevertheless, inspite of the scope of the attack, Sentinel exposed Lazarus’ campaign is supposedly brief-termed as the binaries are devoid of any encryption.


Some sections of this article are sourced from:
www.itpro.co.uk

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *