North Korean cybercrime group Lazarus is luring cryptocurrency job seekers with fake job offers that infect their devices with malware. Cybersecurity firm SentinelOne published a blog post on September 26 describing how the Lazarus group uses LinkedIn to contact job seekers with fake offers to work at the cryptocurrency exchange platform Crypto.com.
Operation Dream Job
‘Operation Dream Job’ is a fake job scam that hackers have run since 2020 to cheat job seekers. As per reports, the cybercriminals have been changing the names of the known companies they impersonate, possibly to attract specific targets and further their mission of cyber espionage. As in its previous campaigns, the Lazarus group is suspected of using a decoy document, the 26-page PDF ‘Crypto.com_Job_Opportunities_2022_confidential.pdf’, to deliver the malware that infects the user’s system.
The malware’s binaries run on both Intel and Apple silicon (M1) machines and carry an ad hoc signature. As a result, the malware passes under the radar despite not being authentic or tied to a known developer identity. Surprisingly, the group left the binary file unencrypted. This could mean that unsuspecting job seekers have so far not suspected or detected them as threat actors or scammers.
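For defenders triaging a downloaded macOS binary, the ad hoc signature described above can be read from the report that `codesign -dvv` prints. The following is an added example, not code from SentinelOne or from this article; the helper names `classify` and `scan` are hypothetical and both sample outputs are constructed.

```python
import re
import subprocess

# Constructed sample: `codesign -dvv` output for an ad hoc signed universal binary.
SAMPLE_ADHOC = """\
Format=Mach-O universal (x86_64 arm64)
CodeDirectory v=20400 size=1234 flags=0x2(adhoc) hashes=30+2 location=embedded
Signature=adhoc
TeamIdentifier=not set
"""

# Constructed sample: output for a binary signed with a developer identity.
SAMPLE_DEVID = """\
Format=app bundle with Mach-O universal (x86_64 arm64)
CodeDirectory v=20500 size=2345 flags=0x10000(runtime) hashes=60+7 location=embedded
Authority=Developer ID Application: Example Corp (ABCDE12345)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
TeamIdentifier=ABCDE12345
"""


def classify(codesign_text):
    """Summarise signing facts; flag code that no certificate chain vouches for."""
    fields, authorities = {}, []
    for line in codesign_text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key == "Authority":
            authorities.append(value)      # certificate chain, leaf first
        elif sep:
            fields.setdefault(key, value)
    flags = re.search(r"flags=0x[0-9a-fA-F]+\(([^)]*)\)", codesign_text)
    adhoc = fields.get("Signature") == "adhoc" or (
        flags is not None and "adhoc" in flags.group(1).split(","))
    archs = re.search(r"\(([^)]*)\)", fields.get("Format", ""))
    team = fields.get("TeamIdentifier", "not set")
    return {
        "adhoc": adhoc,
        "archs": archs.group(1).split() if archs else [],
        "team": None if team == "not set" else team,
        "authorities": authorities,
        "needs_review": adhoc or not authorities,
    }


def scan(path):
    """Run codesign on a macOS host; it writes the -d report to stderr."""
    proc = subprocess.run(["codesign", "-dvv", path], capture_output=True, text=True)
    return classify(proc.stderr)
```

Locally built software on Apple silicon is also ad hoc signed, so `needs_review` is a triage signal to weigh together with where the file came from, not a verdict.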
It falls to users of platforms like LinkedIn and others to be cautious when applying for positions at prestigious companies, especially crypto exchanges. Not opening unsolicited messages or documents is paramount to keeping scammers and their malware-infected content at bay.
Earlier this week, researchers found instances of ongoing cybercrime by the Lazarus group aimed explicitly at macOS users with bogus job offers. A similar cyberattack detected in August this year showed how a variant of the malware by the same criminal group targeted users with fake jobs at the Coinbase exchange. The scam was called Operation In(ter)ception. Its targets included aerospace and defense contractors that deal in the arms trade for the military, government, and intelligence departments.