• Fake Crypto.com job offers targeting developers and artists to sp

    From TechnologyDaily@1337:1/100 to All on Wed Sep 28 16:15:04 2022
    Fake Crypto.com job offers targeting developers and artists to spread malware

    Date:
    Wed, 28 Sep 2022 15:06:58 +0000

    Description:
    Lazarus Group is at it again, targeting workers in the crypto industry with devious malware.

    FULL STORY ======================================================================

    Infamous North Korean threat actor Lazarus Group has been spotted targeting software developers and artists in the blockchain space with fake job offers.

    Researchers from cybersecurity firm Sentinel One found the group's Operation In(ter)ception, kicked off in 2020, is still active, and still looking for gullible software developers and artists.

    The premise is the same: the group will create fake accounts on LinkedIn, Twitter, and other social media usually used by developers and artists, and will start reaching out to them, offering almost-too-good-to-be-true job positions. The victims that grab the bait will usually go through a couple of fake interviews, just to add to the credibility of the process. Finally, after a few rounds, the victim will be sent a file that is supposed to hold more details about the potential position. In reality, though, the file is a malware dropper.

    Fake Crypto.com jobs

    In this particular case, Lazarus is impersonating Crypto.com, one of the world's largest and most popular cryptocurrency exchanges.

    The file being shared is titled 'Crypto.com_Job_Opportunities_2022_confidential.pdf'. It is a macOS binary that, when run, creates a folder named WifiPreference in the user's Library directory, where it later drops the stage two and stage three files. Stage two deploys WifiAnalyticsServ.app, which loads a persistence agent, wifianalyticsagent, before moving on to stage three's WiFiCloudWidget, which is pulled from the C2 server at market.contradecapital[.]com.

    Sentinel One wasn't able to obtain a copy of the malware for analysis, given that the server was offline at the time of the investigation.

    What it did discover is that the attackers don't expect the campaign to last very long.

    "The threat actors have made no effort to encrypt or obfuscate any of the binaries, possibly indicating short-term campaigns and/or little fear of detection by their targets," Sentinel One said.
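
    A defender-side check for the artifacts named above, added here as an example (it is not code from Sentinel One or the article): it looks for the reported file and folder names under a home directory, flags any ".pdf" whose header is actually Mach-O, and matches the C2 host in log lines. The function names, the demo tree and the assumption that the dropper keeps its .pdf name on disk are illustrative.

```python
import os
import tempfile

# File and folder names reported in the article; matched case-insensitively.
ARTIFACTS = {n.lower() for n in ("WifiPreference", "WifiAnalyticsServ.app",
                                 "wifianalyticsagent", "WiFiCloudWidget")}
C2_HOST = "market.contradecapital[.]com".replace("[.]", ".")  # refanged for matching
# Mach-O and universal-binary magic numbers, in both byte orders.
MACHO_MAGICS = {bytes.fromhex(h) for h in (
    "feedface", "feedfacf", "cefaedfe", "cffaedfe", "cafebabe", "bebafeca")}

def is_macho(path):
    """True if the file begins with a Mach-O or universal-binary magic number."""
    try:
        with open(path, "rb") as fh:
            return fh.read(4) in MACHO_MAGICS
    except OSError:
        return False

def scan_home(home):
    """Return sorted (finding, relative path) pairs for one home directory."""
    findings = set()
    for root, dirs, files in os.walk(home):
        for name in dirs + files:
            full = os.path.join(root, name)
            rel = os.path.relpath(full, home)
            if name.lower() in ARTIFACTS:
                findings.add(("named-artifact", rel))
            # A ".pdf" whose header is Mach-O is an executable in disguise.
            if name.lower().endswith(".pdf") and os.path.isfile(full) and is_macho(full):
                findings.add(("macho-named-pdf", rel))
    return sorted(findings)

def c2_hits(log_lines):
    """Return the log lines that mention the C2 host, defanged or not."""
    return [l for l in log_lines if C2_HOST in l.lower().replace("[.]", ".")]

def build_demo_home():
    """Constructed sample tree: a real PDF, a Mach-O named .pdf, one artifact folder."""
    home = tempfile.mkdtemp()
    os.makedirs(os.path.join(home, "Library", "WifiPreference"))
    os.makedirs(os.path.join(home, "Downloads"))
    with open(os.path.join(home, "Downloads", "resume.pdf"), "wb") as fh:
        fh.write(b"%PDF-1.7\n")
    with open(os.path.join(home, "Downloads", "offer.pdf"), "wb") as fh:
        fh.write(bytes.fromhex("cffaedfe") + b"\x00" * 28)  # 64-bit Mach-O header stub
    return home
```

    Name matches alone are weak indicators because the campaign's file names can change; the header check still catches an executable presented as a document.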

    Via: BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/news/fake-cryptocom-job-offers-targeting-developers-and-artists-to-spread-malware/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)