Hacker Group Lazarus Targets Users Via Coinbase Job Posts
- The malware campaign prompts members of the crypto community to download a PDF.
- Lazarus is a hacker group supported financially by the North Korean government.
Crypto.com, a cryptocurrency exchange, has been the latest victim of a hacking group called Lazarus.
According to a report by cyber security company SentinelOne, the malware campaign prompts members of the crypto community to download a PDF document advertising available positions at Crypto.com, such as an Art Director position in Singapore.
When a potential employee clicks on a link for a PDF job description, they may be tricked into downloading malware that may steal their personal information and even bank details. In a separate operation, Lazarus sent direct message job offers on LinkedIn to people they hoped would be interested in working as Engineering Managers for Coinbase’s Product Security teams in August.
26-page PDF Document
Three files containing the virus were packaged together and presented as a resume for a position at Coinbase, as shown by security company ESET. While the group’s precise goals remain a mystery, it is widely believed that acquiring access to cryptocurrency funds and private information on exchanges is a top concern.
Lazarus’s standard method of contact is a LinkedIn direct message offering the recipient a high-paying position at a major corporation. Following the same pattern as prior macOS operations, the hackers sent a binary file that falsely claimed to be a PDF and included a 26-page PDF file entitled “Crypto.com Job Opportunities 2022 confidential.pdf,” purporting to provide open positions at Crypto.com in 2022.
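A triage check for the lure described above, as an added example that is not from SentinelOne, ESET or this article: it flags a file whose name claims PDF while its leading bytes are a macOS Mach-O executable. The header bytes and the "Constructed" file names are constructed samples, and the check assumes the PDF claim is made through the file name.

```python
import struct

# Mach-O magic numbers as they appear on disk (both byte orders, 32/64-bit).
MACHO_THIN = {b"\xfe\xed\xfa\xce", b"\xfe\xed\xfa\xcf",
              b"\xce\xfa\xed\xfe", b"\xcf\xfa\xed\xfe"}
# Universal ("fat") binaries share 0xCAFEBABE with Java class files.
MACHO_FAT = {b"\xca\xfe\xba\xbe", b"\xca\xfe\xba\xbf"}


def content_type(data: bytes) -> str:
    """Classify a file by its leading bytes, ignoring its name."""
    magic = data[:4]
    if magic in MACHO_THIN:
        return "mach-o"
    if magic in MACHO_FAT and len(data) >= 8:
        # Fat header: big-endian architecture count. A Java class file has
        # minor/major version here, and major versions start at 45.
        (count,) = struct.unpack(">I", data[4:8])
        return "mach-o" if 0 < count < 45 else "java-class"
    # Readers tolerate leading junk, so search the first 1 KiB for the header.
    if b"%PDF-" in data[:1024]:
        return "pdf"
    return "unknown"


def claims_pdf(name: str) -> bool:
    """Assumption: the claim is made through the name, including double
    extensions such as 'offer.pdf.app'."""
    return ".pdf" in name.lower()


def triage(name: str, data: bytes) -> str:
    kind = content_type(data)
    if claims_pdf(name) and kind == "mach-o":
        return "ALERT: executable presented as PDF"
    if claims_pdf(name) and kind != "pdf":
        return "REVIEW: not a PDF despite its name"
    return "ok"


# Constructed samples: header bytes only, not real files.
SAMPLES = {
    "Crypto.com Job Opportunities 2022 confidential.pdf": b"%PDF-1.7\n%\xe2\xe3\xcf\xd3\n",
    "Constructed Offer.pdf": b"\xcf\xfa\xed\xfe\x07\x00\x00\x01" + b"\x00" * 24,
    "Constructed Universal.pdf": b"\xca\xfe\xba\xbe\x00\x00\x00\x02" + b"\x00" * 40,
    "Constructed.pdf.class": b"\xca\xfe\xba\xbe\x00\x00\x00\x34",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name}: {content_type(data)} -> {triage(name, data)}")
```

The same comparison of claimed type against leading bytes can run in a mail gateway or download scanner before the file reaches the user.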
Lazarus, a hacker group supported financially by the North Korean government, is suspected of stealing over $600 million worth of currencies from cryptocurrency firms.