North Korea Hackers Spotted Targeting Job Seekers with macOS Malware

The North Korea-backed Lazarus Group has been observed targeting job seekers with malware capable of executing on Apple Macs with Intel and M1 chipsets.
Slovak cybersecurity firm ESET linked the malware to a campaign dubbed "Operation In(ter)ception" that was first disclosed in June 2020 and involved using social engineering tactics to trick employees working in the aerospace and military sectors into opening decoy job offer documents.
The latest attack is no different in that a job description for the Coinbase cryptocurrency exchange platform was used as a launchpad to drop a signed Mach-O executable.
"It drops three files: a decoy PDF document 'Coinbase online careers 2022 07.pdf', a bundle 'FinderFontsUpdater.app,' and a downloader 'safarifontagent.'"
It's worth noting the malware is cross-platform, as a Windows equivalent of the same PDF document was used to drop an .EXE file named "Coinbase online careers 2022 07.exe" earlier this month, as revealed by Malwarebytes researcher Hossein Jazi.
News URL
https://thehackernews.com/2022/08/north-korea-hackers-spotted-targeting.html