The North Korea-based hacking group Lazarus has started a social engineering campaign targeting potential financial industry employees, using Coinbase as bait. The hackers are posting ads for Coinbase job offers on sites like LinkedIn to lure job-seeking candidates with fake job offers.
According to Malwarebytes, which has been regularly monitoring Lazarus since February 2022, the hacking organization has now adopted social engineering, contacting potential candidates for positions like “Engineering Manager, Product Security” while posing as a representative of Coinbase.
Known by different monikers, such as Guardians of Peace or Whois Team, the North Korea-based Lazarus group initiated many attacks between 2010 and 2021. However, the latest social engineering attack primarily targets job seekers on websites like LinkedIn, using Coinbase job offers as bait. The hackers run the campaign via LinkedIn and reach out to candidates looking for jobs in the fintech industry.
After putting the candidate at ease with flattery, the hackers send them a fake PDF file, which is actually a malicious executable that uses a PDF icon. In a tweet shared by the Malwarebytes threat intel researcher Jazi, we can see that the file's name as described by the hacker is “Engineering Manager, Product Security.” However, upon close inspection, the actual name of the executable file is “Coinbase_online_careers_2022_07.exe”.
In a similar tweet shared by Jazi on January 27th, 2022, Lazarus seems to be using the same method, but with General Dynamics Electric Boat as bait for targets. In both cases, the executable file, once opened, uses GitHub as the command-and-control server to target the individual device.
The crypto market is currently flourishing, and many companies like Coinbase are popular among people. The hackers are simply cashing in on the trend, and the social engineering attacks seem to work because many people are searching for jobs now. Hacking organizations like Lazarus are winning targets over by offering a chance of employment at companies like Coinbase.