Lazarus group targets macOS users with counterfeit crypto job offers
The hacker group previously impersonated Coinbase to lure job seekers

The infamous Lazarus group makes headlines again as the North Korean cybercrime syndicate appeared to mimic job offers from ‘Crypto.com’ to steal cryptocurrency and NFTs from unsuspecting users.
Back in August 2022, Lazarus impersonated Coinbase and marketed malicious job offers to IT workers to spread Windows and macOS malware.
RELATED RESOURCE
Cyber resiliency and end-user performance
Reduce risk and deliver greater business success with cyber-resilience capabilities
The cybercrime group is now masquerading job offers from Crypto.com. The ongoing phishing campaign, by far, targets macOS users. Per reports, the malware is identical to that found in fake Coinbase job postings.
Akin to previous macOS campaigns, the Lazarus group approached its targets via LinkedIn to send a macOS binary masked as a PDF containing a 26-page PDF file named 'Crypto.com_Job_Opportunities_2022_confidential.pdf' comprising counterfeit job vacancies at Crypto.com.
“Consistent with observations in the earlier campaign, this PDF is created with MS Word 2016, PDF version 1.5. The document author is listed as ‘UChan’,” confirmed Sentinel One in a report.
“The first stage malware opens the PDF decoy document and wipes the Terminal’s current savedState.”
“The second stage in the Crypto.com variant is a bare-bones application bundle named ‘WifiAnalyticsServ.app’; this mirrors the same architecture seen in the Coinbase variant, which used a second stage called ‘FinderFontsUpdater.app’,” explained Sentinel One.
Get the ITPro daily newsletter
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
However, despite the scope of the attack, Sentinel revealed Lazarus’ campaign is supposedly short-termed as the binaries are devoid of any encryption.
-
RSAC Conference 2025: The front line of cyber innovation
ITPro Podcast Ransomware, quantum computing, and an unsurprising focus on AI were highlights of this year's event
-
Anthropic CEO Dario Amodei thinks we're burying our heads in the sand on AI job losses
News With AI set to hit entry-level jobs especially, some industry execs say clear warning signs are being ignored