• That Coinbase job offer could actually be North Korean hackers

    From TechnologyDaily@1337:1/100 to All on Fri Aug 19 16:30:03 2022
    That Coinbase job offer could actually be North Korean hackers

    Date:
    Fri, 19 Aug 2022 15:06:14 +0000

    Description:
    Lazarus is going after more than Windows users, with macOS victims now in its crosshairs.

    FULL STORY ======================================================================

    Experts have warned that the dangerous Lazarus group is now targeting Web3 developers on Mac devices.

    The North Korean state-sponsored threat actor recently went after blockchain developers with fake lucrative job offers that turned out to be nothing more than infostealers and malware.

    While these attacks were limited to Windows users at first, cybersecurity researchers from ESET have now discovered they are expanding into Apple territory, too.

    Intel and Apple chips attacked

    The campaign is pretty much the same for both platforms. The group would impersonate Coinbase, one of the largest and most popular cryptocurrency exchanges in the world, and reach out to blockchain developers via LinkedIn and other platforms with a job offer. After a little back-and-forth and a few rounds of interviews, the attacker would serve the victim what seems to be a .pdf file with the job position's details.

    The file's name is Coinbase_online_careers_2022_07, and while it looks like a .pdf (icon and all), it is actually a malicious DLL that allows Lazarus to send commands to the infected endpoint. The file is compiled for Macs with both Intel and Apple processors, the researchers further discovered, suggesting that the group is after both older and newer device models.

    Detailing the attack via Twitter, the researchers said the malware drops three files: the bundle FinderFontsUpdater.app, the downloader safarifontagent, and a decoy PDF called Coinbase_online_careers_2022_07.pdf.

    Lazarus Group is no stranger to fake job offer attacks, and it has conducted these attacks in the past with much success. In fact, one of the largest cryptocurrency heists in history, the $600+ million attack on the Ronin bridge, was done in that exact manner.

    After reaching out to a software engineer and luring him into downloading the fake .pdf file, the attackers from Lazarus found their way into the system, obtained the necessary credentials, and siphoned out millions in cryptocurrency tokens.

    In this case, however, the malware was signed on July 21, with a certificate issued to a developer going by the name Shankey Nohria. The team identifier was 264HFWQH63. While the certificate had not been revoked on August 12 when it was checked, BleepingComputer reports, the researchers did find that Apple didn't scan it for malicious components.

    Via: BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/news/that-coinbase-job-offer-could-actually-be-north-korean-hackers/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)
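
A defender-side check for the indicators the story reports (the three dropped file names and the signing team identifier), added here as an example and not code from ESET, BleepingComputer or TechRadar. The function names and the sample `codesign` output are constructed for illustration; on macOS, `codesign -dv --verbose=4` supplies the real signature details.

```python
import shutil
import subprocess
from pathlib import Path

# Indicators exactly as reported in the article above.
REPORTED_NAMES = {"FinderFontsUpdater.app", "safarifontagent",
                  "Coinbase_online_careers_2022_07.pdf"}
REPORTED_TEAM_ID = "264HFWQH63"

# Constructed sample of `codesign -dv --verbose=4` output (not taken from a real sample).
SAMPLE = """Executable=/tmp/constructed/Example.app/Contents/MacOS/Example
Identifier=com.example.constructed
Authority=Developer ID Application: Constructed Name (264HFWQH63)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
TeamIdentifier=264HFWQH63
"""

def find_reported_names(root):
    """Paths under root (files or bundles) whose name matches a reported indicator."""
    return sorted(str(p) for p in Path(root).rglob("*") if p.name in REPORTED_NAMES)

def parse_codesign(text):
    """Turn key=value lines into a dict; repeated Authority lines are collected in a list."""
    info = {"Authority": []}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if not sep:
            continue
        if key == "Authority":
            info["Authority"].append(value.strip())
        else:
            info[key] = value.strip()
    return info

def signed_by_reported_team(text):
    """True when the signature's TeamIdentifier equals the reported one."""
    return parse_codesign(text).get("TeamIdentifier") == REPORTED_TEAM_ID

def codesign_text(path):
    """Signature details for path on macOS; empty string where codesign is unavailable."""
    if shutil.which("codesign") is None:
        return ""
    # codesign writes the -d display output to stderr.
    return subprocess.run(["codesign", "-dv", "--verbose=4", str(path)],
                          capture_output=True, text=True).stderr

if __name__ == "__main__":
    for hit in find_reported_names(Path.home()):
        print(hit, "reported-team-signature:", signed_by_reported_team(codesign_text(hit)))
```

A file-name match alone is weak evidence, since names are trivial to change; the team identifier on the signature is the stronger signal of the two.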