North Korean cybercrime group Lazarus is luring cryptocurrency job seekers with fake jobs that infect their devices with malware. Cybersecurity firm SentinelOne published a blog post on September 26 highlighting how the Lazarus group is using LinkedIn to contact job seekers with fake offers of work at the cryptocurrency exchange platform Crypto.com.
‘Operation Dream Job’ is a fake job scam that hackers have run since 2020 to cheat job seekers. According to reports, the cybercriminals have been changing the names of the well-known companies they impersonate, possibly to attract specific targets and further their mission of cyber espionage. As in its previous campaigns, the Lazarus group is suspected of using a 26-page PDF decoy document, ‘Crypto.com_Job_Opportunities_2022_confidential.pdf’, to deliver the malware that infects the user’s system.
The malware’s binaries run on both Intel and M1 Apple silicon machines and carry an ad hoc signature. As a result, the malware slips under the radar even though it is not authentic and does not come from a known developer identity. Surprisingly, the group left the binaries unencrypted. This could mean that unsuspecting job seekers have not so far suspected or detected the group as threat actors or scammers.
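A defender-side check for the ad hoc signature described above, as an added example that is not from SentinelOne's report or this article: it classifies the text printed by the macOS command `codesign -dv --verbose=4 <path>`. The sample reports are constructed, and the function name `inspect_signature` is hypothetical.

```python
import re

# Constructed samples of `codesign -dv --verbose=4 <path>` output.
# Paths, identifiers and the team ID are placeholders, not campaign values.
ADHOC_SAMPLE = """\
Executable=/tmp/sample/decoy_viewer
Identifier=decoy_viewer
Format=Mach-O universal (x86_64 arm64)
CodeDirectory v=20400 size=1234 flags=0x2(adhoc) hashes=30+2 location=embedded
Signature=adhoc
Info.plist=not bound
TeamIdentifier=not set
"""
DEVID_SAMPLE = """\
Executable=/Applications/Example.app/Contents/MacOS/Example
Identifier=com.example.app
Format=app bundle with Mach-O universal (x86_64 arm64)
CodeDirectory v=20500 size=4321 flags=0x10000(runtime) hashes=120+7 location=embedded
Authority=Developer ID Application: Example Corp (ABCDE12345)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
TeamIdentifier=ABCDE12345
"""
UNSIGNED_SAMPLE = "/tmp/sample/tool: code object is not signed at all\n"

def inspect_signature(report):
    """Classify one codesign report: unsigned, adhoc, identified or unknown."""
    m = re.search(r"^Format=.*Mach-O (?:universal|thin) \(([^)]*)\)", report, re.M)
    archs = m.group(1).split() if m else []
    if "code object is not signed at all" in report:
        return {"verdict": "unsigned", "archs": archs, "team": None}
    m = re.search(r"\bflags=0x[0-9a-fA-F]+\(([^)]*)\)", report)
    flags = m.group(1).split(",") if m else []
    fields = dict(l.split("=", 1) for l in report.splitlines()
                  if "=" in l and not l.startswith(("Authority", "CodeDirectory")))
    authorities = re.findall(r"^Authority=(.+)$", report, re.M)
    team = fields.get("TeamIdentifier")
    team = None if team in (None, "not set") else team
    # Ad hoc: a signature exists, but no certificate chain or team stands behind it.
    if fields.get("Signature") == "adhoc" or "adhoc" in flags:
        verdict = "adhoc"
    elif authorities and team:
        verdict = "identified"
    else:
        verdict = "unknown"
    return {"verdict": verdict, "archs": archs, "team": team}

if __name__ == "__main__":
    for name, sample in [("adhoc", ADHOC_SAMPLE), ("devid", DEVID_SAMPLE), ("unsigned", UNSIGNED_SAMPLE)]:
        print(name, inspect_signature(sample))
```

An `adhoc` verdict on a universal binary that arrived alongside an unsolicited document is a reason to triage the file, not proof of malice, since locally built software is commonly ad hoc signed as well.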
It therefore falls to users of platforms like LinkedIn and others to be cautious when applying for positions at prestigious companies, especially crypto exchanges. Not opening unsolicited messages or documents is paramount to keeping scammers and their malware-infected content at bay.
Earlier this week, researchers found instances of ongoing cybercrime by the Lazarus group aimed explicitly at macOS users with bogus job offers. A similar cyber-attack detected in August this year showed how a variant of the malware by the same criminal group targeted users with fake jobs at the Coinbase exchange. The scam was called Operation In(ter)ception. Its targets included aerospace and defense contractors that deal in the arms trade for the military, government, and intelligence departments.