Get all your news in one place.
100’s of premium titles.
One app.
Start reading
The Independent UK
The Independent UK
National
Graig Graziosi

North Korean hacker group Lazarus targeting Mac users with fake job ads

Copyright 2021 The Associated Press. All rights reserved

A nefarious North Korean hacking group called Lazarus is reportedly targetting Apple users through fake job offers.

Security researchers at ESET reported Tuesday that the group's latest efforts involve fake phone calls advertising Coinbase Inc developer jobs. Coinbase is a cryptocurrency exchange used by most crypto traders.

The fake job offers include an attachment with malware files that can affect Intel and Apple's Mac computers.

According to a report on Silicon Angle, the malware in the messages uses three files to compromise computers — a decoy PDF to make users think they've downloaded a legitimate attachment, a fake "font updater" app and a downloader labeled "safarifontagent”.

The files are timestamped 21 July, suggesting the attacks are new and not a continuation of a previous Lazarus attack.

Lazarus has been blamed for spreading the WannaCry ransomware attack in 2017, but has been active in other campaign since then.

In December, the group targetted Linux systems, and was linked to a theft of $615m in cryptocurrency through the hack of the Ronin Network, which is the blockchain underlying the "Axie Infinity" "play-to-earn" crypto game.

Kevin Bocek, the vice president of security strategy and threat intelligence at Venafi Inc, spoke to Silicone Angle about the recent attacks.

“This attack targeting developers with signed executables has the potential to inflict huge damage on North Korea’s rivals,” he said. “A key component of the attack is the use of a signed executable disguised as a job description. Code signing certificates have become the modus operandi for many North Korean APT groups, as these digital certificates are the keys to the castle, securing communication between machines of all kinds, from servers to applications, Kubernetes clusters and microservices.”

Best practices to avoid being a victim of a phishing attack is to double check any messages asking you to click on something and ensuring they're actually coming from legitimate sources. Criminals looking to exploit users using phishing attempts will often make emails look exactly like the organisation they claim to represent, so users should be sure to examine the actual email address sending the message and cross-check it using a search engine with the organisation's actual email addresses.

The news of the Lazarus campaign comes at the same time as an Apple disclosure that its products are currently suffering from a serious security vulnerability. The flaw affects iPhones, iPads, Mac computers and can potentially allow criminals to take control of a user's computer.

Security experts have encouraged users of the affected devices to update to the latest versions to protect themselves from the exploit.

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.