New Delhi, Aug 22: The notorious North Korea-based Lazarus hacker group has returned to action with a new attack on Apple Mac users, using fake job emails that contain malware-laden files.
Researchers from the security company ESET posted a photo on Twitter showing fake job ads, purporting to come from the leading cryptocurrency exchange Coinbase, created by Lazarus, the group famous for spreading WannaCry ransomware across the globe in 2017.
The fake job advertisement was for an engineer manager in product security at Coinbase.
“An authenticated Mac executable disguised as an employment description for Coinbase was uploaded to VirusTotal from Brazil.
This is an example of Operation by Lazarus for Mac,” the ESET researchers shared in a tweet.
The fake emails contain an attachment with malware that can harm both Intel and Apple chip-powered Mac computers.
“Malware is built for both Intel and Apple Silicon. It releases three files that include a decoy PDF document as well as a bundle, and an application for downloading,” warned researchers.
The Mac malware campaign is brand new and is not part of previous Lazarus campaigns.
“The bundle was signed on July 21 (according to the time stamp) using an official certificate that was issued in the month of February in 2022 to the developer Shankey Nohria.
The application was not notarized and Apple cancelled the certificate on August 12,” the researchers noted.
Last month, cyber-security experts linked Lazarus to the theft of $100 million worth of digital tokens from Harmony, the crypto company behind the Horizon Blockchain Bridge.
The Lazarus Group has perpetrated several large cryptocurrency thefts that total over $2 billion and has recently focused its attention on Decentralised Finance (DeFi) services such as cross-chain bridges, according to the London-based blockchain analysis company Elliptic.
The same group may be responsible for the $540 million hack of Ronin Bridge.






