Lazarus, one of the most notorious hacking groups in the world and widely suspected to be operated by North Korea, has started posting fake job ads to lure Web3 developers who use Mac devices. The group is now targeting people looking for an IT job.
Hackers are Trying to Target Web3 Developers Using Mac Devices by Using Fake Job Ads
As technology and cybersecurity have progressed, hackers have also become craftier in finding unlucky victims to exploit. Aside from governments, offices, corporations, and businesses, the Lazarus group now appears to be shifting its focus to Web3 developers who use Mac devices.
According to a report by TechRadar, the threat actor, which is said to be sponsored by the North Korean state, has gone after blockchain developers by presenting them with lucrative job offers. The job offers, however, were just a front for info stealers and other malware.
Cybersecurity Researchers Have Found the Attacks Expanding to Apple Users as Well
Initially, these attacks were limited to Windows users, but ESET cybersecurity researchers have found that the campaign is now expanding past Windows and into Apple territory as well.
The attack campaign is pretty similar for both Windows and Apple users. The Lazarus group would basically try to impersonate Coinbase and reach out to different blockchain developers through LinkedIn and other platforms to offer them a job.
Once Hackers Gain Rapport, They Have Victims Download a Malicious DLL to Infect Their Computer
After a few rounds of the “interview,” the attackers would then send the victim a .pdf file that would allegedly contain the position’s details. The problem, however, is that this is not a PDF file but rather a malicious DLL that will allow the group to send commands directly to the infected endpoint.
As per the researchers, the file is capable of running on both Intel-based and Apple silicon Macs. This means that the group is going after not just older but also newer device models.
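A defender-side triage check for exactly this lure, added here as an example and not taken from the article or from ESET: it classifies a suspicious "PDF" by its leading bytes rather than its extension, and for a Mach-O universal (fat) binary lists the CPU architectures it carries, so an attachment that claims to be a job description but is actually an Intel-plus-Apple-silicon executable is flagged. The byte strings below are constructed placeholders, not the real malware.

```python
import struct

PDF_MAGIC = b"%PDF-"
FAT_MAGIC = 0xCAFEBABE      # universal (fat) Mach-O header, always big-endian
MH_MAGIC_64 = 0xFEEDFACF    # thin 64-bit Mach-O, read as big-endian
MH_CIGAM_64 = 0xCFFAEDFE    # same magic byte-swapped (little-endian file)
CPU_NAMES = {0x01000007: "x86_64", 0x0100000C: "arm64"}

def classify(data: bytes) -> dict:
    """Classify a blob by content: {'kind': ..., 'archs': [...]}."""
    if data.startswith(PDF_MAGIC):
        return {"kind": "pdf", "archs": []}
    if len(data) < 8:
        return {"kind": "unknown", "archs": []}
    magic = struct.unpack(">I", data[:4])[0]
    if magic == FAT_MAGIC:
        # fat_header: magic, nfat_arch; then nfat_arch fat_arch entries of
        # five big-endian uint32s (cputype, cpusubtype, offset, size, align).
        # Note: Java class files share this magic; a huge nfat_arch is a hint.
        nfat = struct.unpack(">I", data[4:8])[0]
        archs = []
        for i in range(nfat):
            off = 8 + i * 20
            if off + 20 > len(data):
                break
            cputype = struct.unpack(">I", data[off:off + 4])[0]
            archs.append(CPU_NAMES.get(cputype, hex(cputype)))
        return {"kind": "macho-universal", "archs": archs}
    if magic == MH_MAGIC_64:
        cputype = struct.unpack(">I", data[4:8])[0]
        return {"kind": "macho", "archs": [CPU_NAMES.get(cputype, hex(cputype))]}
    if magic == MH_CIGAM_64:
        cputype = struct.unpack("<I", data[4:8])[0]
        return {"kind": "macho", "archs": [CPU_NAMES.get(cputype, hex(cputype))]}
    return {"kind": "unknown", "archs": []}

def is_masquerading_pdf(filename: str, data: bytes) -> bool:
    """True when the name claims .pdf but the content is not a PDF."""
    return filename.lower().endswith(".pdf") and classify(data)["kind"] != "pdf"

# Constructed sample: a fat header declaring x86_64 and arm64 slices (no real code).
SAMPLE_FAT = (struct.pack(">II", FAT_MAGIC, 2)
              + struct.pack(">IIIII", 0x01000007, 3, 0x4000, 0x100, 14)
              + struct.pack(">IIIII", 0x0100000C, 0, 0x8000, 0x100, 14))
SAMPLE_PDF = b"%PDF-1.7\n% constructed placeholder document\n"

if __name__ == "__main__":
    for name, blob in [("Coinbase_online_careers_2022_07.pdf", SAMPLE_FAT),
                       ("genuine_job_description.pdf", SAMPLE_PDF)]:
        verdict = "MASQUERADE" if is_masquerading_pdf(name, blob) else "ok"
        print(name, classify(blob), verdict)
```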
Lazarus Saw Big Success When They Launched a $600 Million Attack on the Ronin Bridge
A detailed thread was posted on Twitter describing how the malware drops three different files: the FinderFontsUpdated.app bundle, the safarifontagent downloader, and the “Coinbase_online_careers_2022_07.pdf” decoy.
The Lazarus Group is in no way new to the game and has already pulled off several successful digital heists. One of its highlights is the $600 million attack on the Ronin bridge.
#ESETresearch #BREAKING A signed Mac executable disguised as a job description for Coinbase was uploaded to VirusTotal from Brazil 🇧🇷. This is an instance of Operation In(ter)ception by #Lazarus for Mac. @pkalnai @dbreitenbacher 1/7 pic.twitter.com/dXg89el5VT
— ESET research (@ESETresearch) August 16, 2022
How the Lazarus Group Stole Millions Worth of Crypto Tokens
The group pulled that off by luring a software engineer into downloading the fake files. The attackers were then able to get directly into the system, obtain the necessary credentials, and siphon off millions in crypto tokens.
According to Bleeping Computer, the macOS malware was signed with a certificate issued to a developer going by the name Shankey Nohria, with the team identifier 264HFWQH63.
This article is owned by Tech Times
Written by Urian B.
ⓒ 2022 TECHTIMES.com All rights reserved. Do not reproduce without permission.