Security News > 2022 > August > North Korean hackers use signed macOS malware to target IT job seekers
North Korean hackers from the Lazarus group have been using a signed malicious executable for macOS to impersonate Coinbase and lure in employees in the financial technology sector.
Lazarus hackers have used fake job offers in the past and in a recent operation they used malware disguised as a PDF file with details about a position at Coinbase.
Security researchers at cybersecurity company ESET found that the hackers also had malware ready for macOS systems.
The threat actor relied on the same fake job offer social engineering tactic but used a different PDF. ESET linked the recent macOS malware to Operation In(ter)ception, a Lazarus campaign that targeted high-profile aerospace and military organizations in a similar way.
Compared to the previous macOS malware attributed to the Lazarus group of hackers, ESET researchers observed that the downloader component connects to a different command and control server, which was no longer responding at the time of the analysis.
North Korean hacker groups have long been linked to cryptocurrency hacks as well as using fake job offers in phishing campaigns aiming to infect targets of interest.
News URL
Related news
- North Korean Hackers Target Crypto Firms with Hidden Risk Malware on macOS (source)
- North Korean hackers use new macOS malware against crypto firms (source)
- North Korean Hackers Target macOS Using Flutter-Embedded Malware (source)
- North Korean hackers create Flutter apps to bypass macOS security (source)
- North Korean Hackers Steal $10M with AI-Driven Scams and Malware on LinkedIn (source)
- North Korean govt hackers linked to Play ransomware attack (source)
- North Korean hackers pave the way for Play ransomware (source)
- North Korean hackers employ new tactics to compromise crypto-related businesses (source)
- Unpatched Mazda Connect bugs let hackers install persistent malware (source)
- Iranian Hackers Use "Dream Job" Lures to Deploy SnailResin Malware in Aerospace Attacks (source)