Experts have warned that the deadly Lazarus group is now targeting Web3 developers on Mac devices.
The North Korean state-sponsored threat actor recently went after blockchain developers with enticing but bogus job offers that turned out to be nothing more than infostealers and viruses.
Initially, these attacks were directed only at Windows users; however, ESET's researchers have found that the group has begun targeting Apple computers as well.
Apple and Intel attacked
Both campaigns are similar. The group impersonated Coinbase, one of the world's largest cryptocurrency exchanges, to recruit blockchain developers on LinkedIn and other networks. After several "interviews," the attacker would serve the victim a job description PDF download.
Coinbase online careers 2022 07 looks like a .pdf (icon and all), but it's a malicious DLL that lets Lazarus transmit commands to an infected device. The file is prepared for Macs with both Intel and Apple CPUs, suggesting the group is targeting both older and newer devices.
Researchers stated the malware drops three files: FinderFontsUpdater.app, safarifontagent, and Coinbase online careers 2022 07.pdf.
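The lure works because the name and icon say "PDF" while the content is executable. As an added example (not code from ESET, BleepingComputer or Apple), the Python check below classifies a file by its magic bytes and, for a universal Mach-O binary, lists the CPU slices it carries. The file name and sample bytes are constructed for illustration.

```python
import struct

# CPU type constants from Apple's <mach/machine.h>
CPU_TYPES = {0x01000007: "x86_64", 0x0100000C: "arm64"}
THIN_MACHO = {b"\xcf\xfa\xed\xfe", b"\xce\xfa\xed\xfe",
              b"\xfe\xed\xfa\xcf", b"\xfe\xed\xfa\xce"}
FAT_MAGIC = b"\xca\xfe\xba\xbe"  # universal binary; header fields are big-endian


def classify(data: bytes) -> dict:
    """Identify content by magic bytes, ignoring the file name and icon."""
    head = data[:4]
    if head in THIN_MACHO:
        return {"kind": "mach-o", "archs": []}
    if head == FAT_MAGIC and len(data) >= 8:
        (count,) = struct.unpack_from(">I", data, 4)
        # Java .class files share this magic; there the same field holds
        # a version number of 45 or more, so a small count means Mach-O.
        if 0 < count < 45 and len(data) >= 8 + 20 * count:
            archs = []
            for i in range(count):
                # fat_arch: cputype, cpusubtype, offset, size, align
                cputype = struct.unpack_from(">5I", data, 8 + 20 * i)[0]
                archs.append(CPU_TYPES.get(cputype, hex(cputype)))
            return {"kind": "mach-o-universal", "archs": archs}
    if data[:2] == b"MZ":
        return {"kind": "pe", "archs": []}
    if data.startswith(b"%PDF-"):
        return {"kind": "pdf", "archs": []}
    return {"kind": "unknown", "archs": []}


def is_disguised_executable(name: str, data: bytes) -> bool:
    """True when a name that presents as a PDF holds executable content."""
    executable = {"mach-o", "mach-o-universal", "pe"}
    return ".pdf" in name.lower() and classify(data)["kind"] in executable


# Constructed sample: universal-binary header with x86_64 and arm64 slices.
SAMPLE_FAT = (FAT_MAGIC + struct.pack(">I", 2)
              + struct.pack(">5I", 0x01000007, 3, 0x4000, 0x1000, 14)
              + struct.pack(">5I", 0x0100000C, 0, 0x8000, 0x1000, 14))
SAMPLE_PDF = b"%PDF-1.7\n% constructed sample\n"

if __name__ == "__main__":
    print(classify(SAMPLE_FAT))
    print(is_disguised_executable("job_description.pdf", SAMPLE_FAT))
```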
Lazarus Group has undertaken successful bogus job offer attacks before. The $600 million+ attack on the Ronin bridge was one of the greatest cryptocurrency heists in history.
Lazarus hackers tricked a developer into downloading a fake .pdf file, then stole cryptocurrency tokens.
The malware in this case was signed on July 21 by Shankey Nohria (Team ID: 264HFWQH63). The certificate had not been revoked as of August 12, but Apple didn't scan it for harmful components, BleepingComputer claims.