Mathisen Marketing


Lazarus Hacker Group Targets MacOS Users Through Crypto Jobs


The Lazarus Group, a North Korean hacking group, is now posting unsolicited, fake crypto job offers that target users of Apple’s macOS operating system. The group delivers malware through these lures to carry out the attack.

Security company SentinelOne has analyzed the latest version of this campaign.

The security company found that the hacking group used decoy documents advertising positions at a Singapore-based cryptocurrency exchange platform, and carried out the attack through them.

The latest version of the campaign is known as “Operation In(ter)ception”, and the phishing campaign reportedly targets Mac users only.

The malware used in this hack has been found to be identical to the malware used in the earlier fake Coinbase job postings.

Last month, researchers found that Lazarus was using fake Coinbase job vacancies to trick macOS users into downloading malware.

How the group carried out the hack on the platform

This is considered an orchestrated attack: the hackers disguised the malware as job postings from popular crypto exchanges.

This is done with well-designed, legitimate-looking PDF documents advertising open positions, such as Art Director-Concept Art (NFT) in Singapore.

According to the SentinelOne report, the new crypto job lure reached victims through LinkedIn messages sent by Lazarus.

Giving details about the hacking campaign, SentinelOne stated,

While it’s not clear at this point how the malware is distributed, previous reports suggest that the threat actors lured victims with targeted messages on LinkedIn.

These two fake job postings are just the latest in a series of attacks dubbed Operation In(ter)ception, which in turn is part of a larger hacking operation called Operation Dream Job.


Less clarity about malware distribution

The security company investigating the matter noted that it is still unclear how the malware is distributed.

On the technical side, SentinelOne said the first-stage dropper is a Mach-O binary, the same template binary used in the Coinbase variant.

The first stage creates a new folder in the user’s Library directory and drops the persistence agent there.

The second stage’s main purpose is to extract and execute the third-stage binary, which acts as a downloader that retrieves content from the C2 (command-and-control) server.
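The article says the dropper persists by placing an agent in a new folder under the user’s Library. A defender can check for that pattern directly: on macOS, a per-user persistence agent is a LaunchAgent plist in ~/Library/LaunchAgents, and each plist names the program it starts. The script below is an added example written for this post; it is not code from the article or from SentinelOne. It assumes the persistence agent is a standard LaunchAgent (the article only says “persistence agent”), and the labels and paths in the sample plists are constructed for the example. It flags agents whose program lives under the user’s own Library folder or outside the usual application and system locations.

```python
import os
import plistlib
from pathlib import Path

# Prefixes under which a legitimate agent's executable normally lives.
TRUSTED_PREFIXES = ("/Applications/", "/System/", "/Library/Apple/",
                    "/usr/", "/bin/", "/sbin/", "/opt/")


def program_path(plist):
    """Executable a LaunchAgent runs: the Program key, else the first ProgramArguments entry."""
    if plist.get("Program"):
        return str(plist["Program"])
    args = plist.get("ProgramArguments") or []
    return str(args[0]) if args else ""


def audit_launch_agent(plist_bytes, home):
    """Parse one LaunchAgent plist and report whether its program location looks suspicious.

    `home` is passed in rather than read from the environment so the check can
    run over plists copied from another machine.
    """
    plist = plistlib.loads(plist_bytes)
    exe = program_path(plist)
    if exe.startswith("~/"):  # launchd does not expand "~", but keep the check robust
        exe = home.rstrip("/") + exe[1:]
    user_library = home.rstrip("/") + "/Library/"
    reasons = []
    if not exe:
        reasons.append("no program specified")
    elif exe.startswith(user_library):
        # The pattern described in the article: agent dropped into the user's Library.
        reasons.append("program lives under the user's Library folder: " + exe)
    elif not exe.startswith(TRUSTED_PREFIXES):
        reasons.append("program outside standard application/system locations: " + exe)
    if reasons and plist.get("RunAtLoad"):
        reasons.append("RunAtLoad is set, so it starts at every login")
    return {
        "label": plist.get("Label", ""),
        "program": exe,
        "run_at_load": bool(plist.get("RunAtLoad", False)),
        "suspicious": bool(reasons),
        "reasons": reasons,
    }


def scan_launch_agents(home):
    """Audit every plist in <home>/Library/LaunchAgents and return the suspicious ones."""
    agents_dir = Path(home) / "Library" / "LaunchAgents"
    hits = []
    for plist_file in sorted(agents_dir.glob("*.plist")):
        try:
            result = audit_launch_agent(plist_file.read_bytes(), home)
        except Exception as exc:  # a malformed plist is itself worth a look
            result = {"label": plist_file.name, "program": "", "run_at_load": False,
                      "suspicious": True, "reasons": ["unparseable plist: %s" % exc]}
        result["file"] = str(plist_file)
        if result["suspicious"]:
            hits.append(result)
    return hits


# Constructed sample plists for running the example offline (labels and paths are made up).
SAMPLE_BENIGN = plistlib.dumps({
    "Label": "com.example.updater",
    "ProgramArguments": ["/Applications/Example.app/Contents/MacOS/Example", "--check"],
    "RunAtLoad": True,
})
SAMPLE_SUSPICIOUS = plistlib.dumps({
    "Label": "com.example.helper",
    "ProgramArguments": ["/Users/analyst/Library/CryptoJobs/agent"],
    "RunAtLoad": True,
    "KeepAlive": True,
})


if __name__ == "__main__":
    for sample in (SAMPLE_BENIGN, SAMPLE_SUSPICIOUS):
        print(audit_launch_agent(sample, "/Users/analyst"))
    # On a real host, audit the current user's own agents:
    for hit in scan_launch_agents(os.path.expanduser("~")):
        print(hit["file"], hit["reasons"])
```

The location check is a heuristic, not proof of compromise: legitimate software occasionally installs helpers under ~/Library, so each hit should be reviewed against what the user actually installed. Because the article notes the binaries are not encrypted or obfuscated, the flagged program can be inspected directly (for example with `file` and `strings`) once located.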

The report states,

Threat actors have not attempted to encrypt or obfuscate any binaries, possibly indicating short-term campaigns and/or little fear of detection by targets.

SentinelOne also noted that Operation In(ter)ception appears to be expanding its targets from users of cryptocurrency exchanges to their employees, in “what may be a concerted effort to conduct espionage and cryptocurrency theft.”

Bitcoin price was $19,400 on a one-day chart | Source: BTCUSD on TradingView
