Lazarus Hackers Target Apple Mac Users With Fake Jobs

Notorious in North Korea Lazarus hacking group is back in action, targeting Apple mac users with fake job e-mails containing malicious files.



Researchers from cybersecurity firm ESET posted a screenshot on Twitter showing fake job openings from leading crypto exchange Coinbase by Lazarus, famous for spreading the WannaCry ransomware worldwide in 2017.

The fake vacancy was for a technical manager, product security, at Coinbase.

“A signed Mac executable disguised as a feature description for Coinbase was uploaded to VirusTotal from Brazil. This is a copy of Operation by Lazarus for Mac,” the ESET researchers wrote in a tweet.

The fake job emails have an attachment containing malicious files that both Intel and Apple chip-powered Mac computers.

“Malware is compiled for both Intel and Apple Silicon. It drops three files: a decoy PDF document, a bundle and a downloader,” researchers warned.

The Mac malware campaign is new and not part of previous Lazarus campaigns.

This time “the bundle was signed on July 21 (by timestamp) using a certificate issued in February 2022 to a developer named Shankey Nohria. The application was not notarized and Apple withdrew the certificate on August 12,” the researchers note.

Last month, cybersecurity researchers linked Lazarus to stealing $100 million worth of digital tokens from Harmony, the crypto startup behind Horizon Blockchain Bridge.

The Lazarus Group has committed several major cryptocurrency thefts totaling more than $2 billion, and has recently turned its attention to Decentralized Finance (DeFi) services such as cross-chain bridges, according to London-based blockchain analytics provider Elliptic.

The same group is said to be behind the $540 million hack Ronin Bridge.

ALSO SEE :

Meet India’s Real Gully Boy: Meesho’s Vidit Aatrey Takes Entrepreneurial Dream Deep Into Bharat

Indians spend half an hour on memes every day and that has increased by 80% in the past year