North Korean hackers use signed macOS malware to target IT job seekers
Contents
North Korean hackers use signed macOS malware to target IT job seekers
Ionut Ilascu
- August 17, 2022
- 01:01 PM
- 0
North Korean hackers from the Lazarus group have been using a signed malicious executable for macOS to impersonate Coinbase and lure in employees in the financial technology sector.
While it is no surprise that they’re targeting workers at Web3 companies, details about this specific social engineering campaign so far were limited to malware for the Windows platform.
Lazarus hackers have used fake job offers in the past and in a recent operation they used malware disguised as a PDF file with details about a position at Coinbase.
The name of the false document was “Coinbase_online_careers_2022_07.” When launched, it displays the decoy PDF above and loads a malicious DLL that ultimately allows the threat actor to send commands to the infected device.
Security researchers at cybersecurity company ESET found that the hackers also had malware ready for …
Ionut Ilascu
- August 17, 2022
- 01:01 PM
- 0
North Korean hackers from the Lazarus group have been using a signed malicious executable for macOS to impersonate Coinbase and lure in employees in the financial technology sector.
While it is no surprise that they’re targeting workers at Web3 companies, details about this specific social engineering campaign so far were limited to malware for the Windows platform.
Lazarus hackers have used fake job offers in the past and in a recent operation they used malware disguised as a PDF file with details about a position at Coinbase.
The name of the false document was “Coinbase_online_careers_2022_07.” When launched, it displays the decoy PDF above and loads a malicious DLL that ultimately allows the threat actor to send commands to the infected device.
Security researchers at cybersecurity company ESET found that the hackers also had malware ready for …