The state-backed Lazarus group in North Korea is targeting job seekers with malware that can run on Apple Macs. The malware was compiled for both Intel and Apple Silicon chipsets, according to security firm ESET. It removed the signed Mach-O executable file from a fake document.
The state-backed Lazarus group in North Korea is targeting job seekers with malware that can run on Apple Macs with Intel and M1 chipsets. Slovak-based cyber security firm ESET, the first of these events opened to the public in June 2020 “Operation In (ter)ception named” tied to a campaign, and military and aerospace sectors, by using social engineering tactics to trick employees forced to open fake documents. to get job ads.
The latest attack is no different from the fact that Coinbase’s job description for the cryptocurrency exchange was used as a launch vehicle to remove the signed Mach-O executable file. The company tweeted: “The malware was compiled for both Intel and Apple Silicon. Deletes three files: fake PDF document “Coinbase_online_careers_2022_07″. pdf”, FinderFontsUpdater package. application” and the downloader “safarifontagent”. “The bait is durable, but also durable. The PDF extension is actually the Mach-O executable that acts as a dropper to run the finder-fonts updater, which in turn runs safarifontsagent, an installer designed to receive loads in the next step from a remote server.
