Lazarus Group impersonates Coinbase to scam Web3 job seekers on macOS


Lazarus Group, a North Korean hacker group recently sanctioned by the US, is attacking IT job seekers on macOS devices. The group impersonates Coinbase to scam people, with the aim of stealing information and delivering malware.

Web3 developers, creators, and builders who use macOS are under threat. Lazarus has found a loophole to steal information from Apple devices after scamming people on Microsoft Windows.

macOS is usually considered the safest operating system for Web3 developers, but researchers have found that hackers are targeting macOS users by sending fake PDF files that contain malware.

The researchers claim Lazarus is pretending to be Coinbase, the largest exchange, on LinkedIn and other sites. The attackers send fake interview questions and then send a .pdf file about the job details.

As soon as the user downloaded the file named Coinbase_online_careers_2022_07 containing a malicious DLL. The malware is sophisticated and can attack devices with either Intel or Apple processors.

Researchers have shared three file names that Lazarus has used to infect endpoints so far:

- FinderFontsUpdater.app
- the downloader “safarifontagent”
- Coinbase_online_careers_2022_07.pdf

The researchers also shared that Apple failed to scan malicious content hidden inside the file, which means the hacker group seems to have found a loophole and is using it to its advantage.

IT and Web3 developers are advised to remain on guard in case a fake account disguised as Coinbase tries to contact them via job-seeking sites. Always check file sources before downloading them.