Job Seekers Targeted in Lazarus Group Hack

North Korea's state-backed Lazarus Group is targeting job seekers with malware that can run on Apple Macs. The malware was compiled for both Intel and Apple Silicon chipsets, according to security firm ESET. A fake document was used to drop a signed Mach-O executable file.

North Korea's state-backed Lazarus Group is targeting job seekers with malware that can run on Apple Macs with Intel and M1 chipsets. Slovak cybersecurity firm ESET tied the activity to a campaign named “Operation In(ter)ception”, the first of whose incidents was made public in June 2020, which uses social engineering tactics to trick employees in the military and aerospace sectors into opening fake documents presented as job ads.

The latest attack is no different: a job description for the cryptocurrency exchange Coinbase was used as a lure to drop a signed Mach-O executable file. ESET tweeted: “The malware was compiled for both Intel and Apple Silicon. It drops three files: a fake PDF document Coinbase_online_careers_2022_07.pdf, the package FinderFontsUpdater.app and the downloader safarifontagent.” The decoy, despite its PDF extension, is actually a Mach-O executable that acts as a dropper to run FinderFontsUpdater, which in turn runs safarifontsagent, an installer designed to retrieve next-stage payloads from a remote server.
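As an added example (not ESET's tooling and not code from the original article), the following Python flags files whose name carries a document extension while their first bytes are a Mach-O header, the mismatch described above, and names the architectures a universal binary declares. The extension watch list, the sample header and the cut-off of 45 that separates universal binaries from Java class files are assumptions made for the example.

```python
import struct
import sys
from pathlib import Path

# Thin Mach-O magics as stored on disk (32/64-bit, either byte order).
THIN_MAGICS = {b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe",
               b"\xfe\xed\xfa\xcf", b"\xcf\xfa\xed\xfe"}
FAT_MAGIC = b"\xca\xfe\xba\xbe"  # universal binary; header is big-endian
CPU_NAMES = {0x01000007: "x86_64", 0x0100000C: "arm64"}
DOC_EXTENSIONS = {".pdf", ".doc", ".docx", ".rtf"}  # assumed watch list

# Constructed sample: universal header declaring x86_64 and arm64 slices.
SAMPLE_FAT = FAT_MAGIC + struct.pack(">I", 2) + b"".join(
    struct.pack(">5I", cpu, 0, 0, 0, 0) for cpu in (0x01000007, 0x0100000C))

def macho_architectures(data):
    """Return architecture names if data begins with a Mach-O header, else None."""
    if len(data) < 8:
        return None
    magic = data[:4]
    if magic in THIN_MAGICS:
        order = ">" if magic[0] == 0xFE else "<"
        (cputype,) = struct.unpack_from(order + "I", data, 4)
        return [CPU_NAMES.get(cputype, hex(cputype))]
    if magic != FAT_MAGIC:
        return None
    (nfat,) = struct.unpack_from(">I", data, 4)
    # Java class files share this magic; there this field decodes to >= 45.
    if not 1 <= nfat < 45:
        return None
    archs = []
    for off in range(8, min(8 + 20 * nfat, len(data) - 3), 20):
        (cputype,) = struct.unpack_from(">I", data, off)
        archs.append(CPU_NAMES.get(cputype, hex(cputype)))
    return archs

def scan(directory):
    """Return [(path, archs)] for document-named files that are really Mach-O."""
    hits = []
    for path in sorted(Path(directory).rglob("*")):
        if path.is_file() and path.suffix.lower() in DOC_EXTENSIONS:
            with path.open("rb") as fh:
                archs = macho_architectures(fh.read(4096))
            if archs is not None:
                hits.append((path, archs))
    return hits

if __name__ == "__main__":
    print("constructed sample:", macho_architectures(SAMPLE_FAT))
    for path, archs in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{path}: Mach-O ({', '.join(archs)}) behind a document extension")
```

Run it with a directory argument, such as a downloads folder or a mail-attachment quarantine, to list any mismatches.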