A North Korea-based hacking group is targeting Mac users with fake job emails in a new cyber campaign, cybersecurity company ESET revealed on Tuesday, August 16.
A job posting purported to be from Coinbase, the largest cryptocurrency exchange in the US, has been circulating on the internet, but it was originally created by the North Korean hacking group Lazarus.
ESET researchers shared on Twitter a screenshot of the fake job advertisement, in which Coinbase impersonators appear to be seeking an “engineering manager for product security.”
“A signed Mac executable disguised as a job description for Coinbase was uploaded to VirusTotal from Brazil. This is an instance of Operation In(ter)ception by #Lazarus for Mac,” ESET said in a tweet.
VirusTotal, owned by Google, is a free service that analyzes suspicious files and URLs that might be malicious.
#ESETresearch #BREAKING A signed Mac executable disguised as a job description for Coinbase was uploaded to VirusTotal from Brazil 🇧🇷. This is an instance of Operation In(ter)ception by #Lazarus for Mac. @pkalnai @dbreitenbacher 1/7 pic.twitter.com/dXg89el5VT
— ESET research (@ESETresearch) August 16, 2022
The Lazarus group is a North Korean cybercrime organization believed to be supported by the Kim Jong-un regime.
Security researchers say they are likely to be responsible for the recent hacking of Horizon blockchain bridge, which is part of the US crypto startup Harmony, and stealing $100 million from the platform.
Lazarus is also linked to major cyber attacks, including the WannaCry ransomware outbreak that hit more than 200,000 computers in 150 countries in 2017, the 2014 breach of Sony Pictures Entertainment, attempts of hacking Lockheed Martin, and hacks of banks around the world.
