North Korean hackers use signed macOS malware to target IT job seekers
Security News, August 2022

North Korean hackers from the Lazarus group have been using a signed malicious executable for macOS to impersonate Coinbase and lure in employees in the financial technology sector.
Lazarus hackers have used fake job offers in the past, and in a recent operation they used malware disguised as a PDF file with details about a position at Coinbase.
Security researchers at cybersecurity company ESET found that the hackers also had malware ready for macOS systems.
The threat actor relied on the same fake job offer social engineering tactic but used a different PDF. ESET linked the recent macOS malware to Operation In(ter)ception, a Lazarus campaign that targeted high-profile aerospace and military organizations in a similar way.
Compared to the previous macOS malware attributed to the Lazarus group of hackers, ESET researchers observed that the downloader component connects to a different command and control server, which was no longer responding at the time of the analysis.
North Korean hacker groups have long been linked to cryptocurrency hacks, as well as to the use of fake job offers in phishing campaigns that aim to infect targets of interest.