The infamous North Korean hackers known as the ‘Lazarus Group’ are at it again; this time targeting unsuspecting Apple macOS users hoping to land a dream job in the cryptocurrency industry.
Specifically, in what is the latest variant of a hacking campaign dubbed ‘Operation In(ter)ception,’ the hackers have been luring macOS users with enticing job offers at crypto exchange Crypto.com, the cybersecurity company SentinelOne said on September 26.
How the attacks were carried out
In the orchestrated attack, the hackers have disguised malware as job postings from the popular crypto exchanges, using well-designed and legit-looking decoy PDF documents advertising vacancies for positions such as Art Director – Concept Art (NFT) in Singapore.
Picks for you
Detailing the hacker campaign, SentinelOne said that:
“Although it is not clear at this stage how the malware is being distributed, earlier reports suggested that threat actors were attracting victims via targeted messaging on LinkedIn.”
According to the company’s report, the group has done the same thing back in August 2022, but this time using the fake job postings at the Coinbase crypto exchange, as spotted by researchers at another cybersecurity firm – ESET.
Malicious history of the Lazarus Group
Since 2020, the Lazarus Group has been connected with a number of enticing job offerings used to lure in their victims, including in aerospace and defense industries, in a campaign referred to as ‘Operation Dream Job’ where the primary targets were Windows users.
The group has also been involved in multiple thefts in the crypto industry, including the attack on Harmony network’s Horizon bridge in June, which forced the blockchain company to mint over 2 billion ONE tokens in an effort to compensate about 65,000 victims of the $100 million hack.
Meanwhile, the mixing service Tornado Cash has been implicated in the scandal in which the United States Treasury Department alleged that it was used by multiple hacker groups, including the Lazarus Group, to launder stolen assets, as Finbold reported.