Lazarus group targets macOS users with counterfeit crypto job offers

The hacker group previously impersonated Coinbase to lure job seekers

The infamous Lazarus group is making headlines again: the North Korean cybercrime syndicate appears to be mimicking job offers from ‘Crypto.com’ to steal cryptocurrency and NFTs from unsuspecting users.

Back in August 2022, Lazarus impersonated Coinbase and marketed malicious job offers to IT workers to spread Windows and macOS malware.

The cybercrime group is now passing off its lures as job offers from Crypto.com. The ongoing phishing campaign, by far, targets macOS users. Per reports, the malware is identical to that found in the fake Coinbase job postings.

As in previous macOS campaigns, the Lazarus group approached its targets via LinkedIn and sent them a macOS binary disguised as a PDF. It carries a 26-page PDF file named 'Crypto.com_Job_Opportunities_2022_confidential.pdf' that lists counterfeit job vacancies at Crypto.com.

“Consistent with observations in the earlier campaign, this PDF is created with MS Word 2016, PDF version 1.5. The document author is listed as ‘UChan’,” confirmed SentinelOne in a report.

“The first stage malware opens the PDF decoy document and wipes the Terminal’s current savedState.”

“The second stage in the Crypto.com variant is a bare-bones application bundle named ‘WifiAnalyticsServ.app’; this mirrors the same architecture seen in the Coinbase variant, which used a second stage called ‘FinderFontsUpdater.app’,” explained SentinelOne.

However, despite the scope of the attack, SentinelOne said the Lazarus campaign appears to be short-term, as the binaries are devoid of any encryption.
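A hunting check built on the indicators named above, as an added example that is not from this article or from SentinelOne's report: it flags files whose name looks like a PDF but whose first bytes are a Mach-O header, and paths matching the two second-stage bundle names or the decoy file name. Matching ".pdf" anywhere in the file name and the sample tree in `demo()` (including the name `Job_offer.pdf`) are assumptions made for illustration.

```python
import os
import tempfile

# Indicators quoted in the article above.
SECOND_STAGE_BUNDLES = {"WifiAnalyticsServ.app", "FinderFontsUpdater.app"}
DECOY_NAME = "Crypto.com_Job_Opportunities_2022_confidential.pdf"
# First four bytes of Mach-O and universal binaries, in both byte orders.
MACHO_MAGICS = {
    b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe",  # 32-bit
    b"\xfe\xed\xfa\xcf", b"\xcf\xfa\xed\xfe",  # 64-bit
    b"\xca\xfe\xba\xbe", b"\xbe\xba\xfe\xca",  # universal (fat)
}

def classify(path):
    """Return the findings for one file or directory."""
    findings = []
    name = os.path.basename(path)
    if name in SECOND_STAGE_BUNDLES:
        findings.append("second-stage bundle name")
    # Assumption: a disguised binary carries ".pdf" somewhere in its name.
    if os.path.isfile(path) and ".pdf" in name.lower():
        with open(path, "rb") as handle:
            head = handle.read(5)
        if head[:4] in MACHO_MAGICS:
            findings.append("Mach-O binary with a PDF-like name")
        elif name == DECOY_NAME and head == b"%PDF-":
            findings.append("decoy document name")
    return findings

def scan(root):
    """Walk root and map each relative path that has findings to them."""
    hits = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for entry in dirnames + filenames:
            full = os.path.join(dirpath, entry)
            found = classify(full)
            if found:
                hits[os.path.relpath(full, root)] = found
    return hits

def demo():
    """Scan a constructed sample tree (file names and bytes are made up)."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "Library", "WifiAnalyticsServ.app"))
        samples = {"Job_offer.pdf": b"\xcf\xfa\xed\xfe" + b"\0" * 28,
                   DECOY_NAME: b"%PDF-1.5\n", "notes.pdf": b"%PDF-1.7\n"}
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as handle:
                handle.write(data)
        return scan(root)
```

Calling `scan()` on a user's Downloads or Library folder returns a dictionary of relative paths and the reasons each was flagged; a name match alone is a lead to investigate, not proof of compromise.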
