Security News > 2022 > September > Lazarus hackers drop macOS malware via Crypto.com job offers
The North Korean Lazarus hacking group is now using fake 'Crypto.com' job offers to hack developers and artists in the crypto space, likely with a long-term goal of stealing digital assets and cryptocurrency.
In August 2022, Lazarus was seen targeting IT workers with malicious job offers that impersonated Coinbase and targeted users with Windows malware or macOS malware.
In a new report by Sentinel One, the hackers have now switched to impersonating Crypto.com in their phishing attacks using the same macOS malware seen in previous campaigns.
Lazarus typically approaches their targets via LinkedIn, sending them a direct message to inform them of a lucrative job opening in a large company.
Like the previous macOS campaigns, the hackers sent a macOS binary posing as a PDF containing a 26-page PDF file named 'Crypto.com Job Opportunities 2022 confidential.
If you work on a crypto firm, be vigilant with unsolicited job offers on LinkedIn, as one moment of curiosity is enough to act as a trojan horse for your employer.
News URL
Related news
- North Korean Hackers Deploy FERRET Malware via Fake Job Interviews on macOS (source)
- Microsoft spots XCSSET macOS malware variant used for crypto theft (source)
- Hackers Exploit Aviatrix Controller Vulnerability to Deploy Backdoors and Crypto Miners (source)
- Microsoft: macOS bug lets hackers install malicious kernel drivers (source)
- Russia-Linked Hackers Target Kazakhstan in Espionage Campaign with HATVIBE Malware (source)
- Hackers Hide Malware in Images to Deploy VIP Keylogger and 0bj3ctivity Stealer (source)
- Hacker infects 18,000 "script kiddies" with fake malware builder (source)
- Crazy Evil Gang Targets Crypto with StealC, AMOS, and Angel Drainer Malware (source)
- Crypto-stealing iOS, Android malware found on App Store, Google Play (source)
- SparkCat Malware Uses OCR to Extract Crypto Wallet Recovery Phrases from Images (source)