A new social engineering campaign by the notorious North Korean Lazarus hacking group has been discovered, with the hackers impersonating Coinbase to target employees in the fintech industry.
Coinbase is one of the largest cryptocurrency platforms for buying, selling, transferring and storing digital currency. Due to Coinbase’s popularity, Lazarus was able to draw victims with a lucrative and attractive job offer at the prestigious organisation.
A common tactic of the hacking group is to approach targets over LinkedIn with a job offer and hold a preliminary discussion as part of a social engineering attack.
When victims download what they believe to be a PDF about the job position, they are actually getting a malicious executable that uses a PDF icon. In this case, the file is named “Coinbase_online_careers_2022_07.exe,” which, when executed, displays the decoy PDF document shown below while also loading a malicious DLL.
Once executed, the malware will use GitHub as a command and control server to receive commands to perform on the infected device.
This attack chain is similar to one documented by Malwarebytes in a blog post at the beginning of the year.
Jazi told Bleeping Computer that Lazarus follows similar tactics and techniques to infect its targets with malware, and that the individual phishing campaigns show infrastructure overlaps.
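The lure described above depends on the victim trusting a file's icon and name. The following added example (not from the original article or from any vendor tooling) classifies a downloaded file by its header bytes instead. The keyword list, function names and sample files are assumptions constructed for illustration.

```python
import struct

# Assumed keyword list for job-offer lures; tune it to your own environment.
LURE_WORDS = ("career", "job", "offer", "resume", "salary")
IMAGE_FILE_DLL = 0x2000  # COFF Characteristics flag that marks a DLL

def sniff_type(data: bytes) -> str:
    """Classify a file by its header bytes, ignoring its name and icon."""
    if data.startswith(b"%PDF-"):
        return "pdf"
    if len(data) >= 0x40 and data[:2] == b"MZ":
        (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of PE header
        if e_lfanew + 24 <= len(data) and data[e_lfanew:e_lfanew + 4] == b"PE\0\0":
            # Characteristics is the last field of the 20-byte COFF header.
            (flags,) = struct.unpack_from("<H", data, e_lfanew + 22)
            return "pe-dll" if flags & IMAGE_FILE_DLL else "pe-exe"
    return "unknown"

def triage(filename: str, data: bytes) -> str:
    """Flag Windows executables whose name reads like a job-offer document."""
    kind = sniff_type(data)
    if kind.startswith("pe"):
        lure = any(word in filename.lower() for word in LURE_WORDS)
        return "lure-executable" if lure else "executable"
    return "document" if kind == "pdf" else "unknown"

def fake_pe(flags: int) -> bytes:
    """Build a constructed, non-functional PE header stub for testing."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 0, flags)
    return bytes(dos) + b"PE\0\0" + coff

# Constructed samples: the file name from the article plus neutral controls.
SAMPLES = {
    "Coinbase_online_careers_2022_07.exe": fake_pe(0x0002),
    "job_description.pdf": fake_pe(0x0002),  # executable with a renamed extension
    "setup.exe": fake_pe(0x0002),
    "brochure.pdf": b"%PDF-1.7\n",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name}: {triage(name, data)}")
```

A check like this fits in a mail gateway or download-folder monitor, where a "lure-executable" verdict is a reasonable trigger for quarantine and analyst review.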