The North Korea-backed cyber-criminal gang Lazarus Group has launched a fake job campaign aimed at candidates on LinkedIn. Lazarus Group, also known as Whois Team, is targeting job seekers who use Apple Mac devices running on Intel and M1 chipsets. The job details were uploaded to VirusTotal from Brazil. The descriptions carry Mac executable code disguised as a job offer for the position of engineering manager.
Job seekers are lured with phishing emails carrying fake promises, such as a position at the popular cryptocurrency exchange operator Coinbase. Researchers at ESET found that the phishing links in these emails can spy on users and can affect both Intel and Apple Silicon Macs. This malware uses Interception.dll and can be executed effectively on several Mac devices.
The fake job offers contain other files, including a PDF document and two other executables. The executables include FinderFontsUpdater.app and safarifontsagent.
ESET posted a screenshot of the job offer on its Twitter account. It read, “We’re Coinbase. We’re the world’s most trusted way to join the crypto revolution, serving more than 89 million accounts in more than 100 countries…. we look for candidates who will thrive in a culture like ours, where we default to trust, embrace feedback, and disrupt ourselves.” The job offer is worded like those that most companies publish on their websites. Candidates are enticed by the language, job description, and perks that most companies use.
Apple has revoked the certificate that was used to spread the malware on Apple devices after ESET alerted the company. However, the malware may still be effective if users who are unaware of the fake job offers grant permissions to the malicious apps by changing their device settings.
ESET further mentioned in its tweet that this spying campaign is part of Lazarus’s ongoing Operation In(ter)caption. The Advanced Persistent Threat (APT) actor has been on the radar of cybersecurity departments across the globe for years.