Lazarus hackers targeting Apple Mac users with fake job posts


New Delhi, Aug 22 (IANS): North Korea-based notorious Lazarus hacking group is back in action, targeting Apple Mac users with fake job emails that contain malicious files.

Researchers at cyber-security firm ESET posted a screenshot on Twitter that showed fake job listings from leading crypto exchange Coinbase by Lazarus, famous for spreading the WannaCry ransomware globally in 2017.

The fake job listing was for an engineering manager, product security, at Coinbase.

"A signed Mac executable disguised as a job description for Coinbase was uploaded to VirusTotal from Brazil. This is an instance of Operation by Lazarus for Mac," the ESET researchers posted in a tweet.

The fake job emails have an attachment containing malicious files that can compromise both Intel and Apple chip-powered Mac computers.

"Malware is compiled for both Intel and Apple Silicon. It drops three files: a decoy PDF document, a bundle and a downloader," warned researchers.

The Mac malware campaign is new and not part of previous Lazarus campaigns.

This time, "the bundle is signed July 21 (according to the timestamp) using a certificate issued in February 2022 to a developer named Shankey Nohria. The application is not notarised and Apple has revoked the certificate on August 12," the researchers noted.

Last month, cyber-security researchers linked Lazarus with stealing $100 million worth digital tokens from Harmony, the crypto startup behind Horizon Blockchain Bridge.

The Lazarus Group has perpetrated several large cryptocurrency thefts totalling over $2 billion, and has recently turned its attention to Decentralised Finance (DeFi) services such as cross-chain bridges, according to London-based blockchain analysis provider Elliptic.

The same group is believed to be behind the $540 million hack of Ronin Bridge.

 

  

Top Stories


Leave a Comment

Title: Lazarus hackers targeting Apple Mac users with fake job posts



You have 2000 characters left.

Disclaimer:

Please write your correct name and email address. Kindly do not post any personal, abusive, defamatory, infringing, obscene, indecent, discriminatory or unlawful or similar comments. Daijiworld.com will not be responsible for any defamatory message posted under this article.

Please note that sending false messages to insult, defame, intimidate, mislead or deceive people or to intentionally cause public disorder is punishable under law. It is obligatory on Daijiworld to provide the IP address and other details of senders of such comments, to the authority concerned upon request.

Hence, sending offensive comments using daijiworld will be purely at your own risk, and in no way will Daijiworld.com be held responsible.