Researchers have discovered that the North Korean Lazarus group is targeting Apple Mac users. The group has been circulating fake job advertisements that carry malicious files designed to infect the victim's Mac.
North Korean Lazarus Hackers Target Mac Users
According to the Business Standard, researchers at ESET, a cyber-security firm, posted a screenshot on Twitter showing a fake job listing purporting to come from the crypto exchange Coinbase. The listing, which sought to recruit an engineering manager, was the work of Lazarus, the hacking group best known for spreading the WannaCry ransomware globally in 2017.
The sample was uploaded to VirusTotal from Brazil. At first glance it looks like a legitimate job description. However, the researchers found that it contained a signed Mac executable built as a universal binary, so it can run on both Intel and Apple Silicon Macs. According to the researchers, this modus operandi is typical of Lazarus operations against Macs.
Malware Affects Both Intel and Apple Silicon Macs
The researchers warned that “malware is compiled for both Intel and Apple Silicon. It drops three files: a decoy PDF document, a bundle, and a downloader.” The report also noted that the Mac malware campaign is new and not part of any previous Mac campaigns executed by the Lazarus group.
Based on the signing timestamp on the malicious files, the bundle was signed on July 21 with a certificate issued in Feb. 2022 to a developer named Shankey Nohria. The researchers also noted that the application was not notarised, and that Apple revoked the certificate on Aug. 21. Both points matter for victims on a current macOS: Gatekeeper blocks a Developer ID-signed but un-notarised app by default, so the target has to override the warning to run it, and once the certificate is revoked the signature no longer validates at all. On a Mac, `codesign -dv --verbose=4 <path>` shows the signing identity and `spctl --assess --verbose --type execute <path>` reports whether the app is notarised.
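The researchers' key observation is that one file runs on both Intel and Apple Silicon Macs, which means it is a Mach-O universal ("fat") binary with an x86_64 and an arm64 slice. The following Python triage helper, added here as an example and not code from the article or from ESET, parses the fat header far enough to list the architectures a sample was built for and to validate that each declared slice really is a Mach-O. The sample binary it inspects is constructed in the script (minimal headers with no load commands), and the 16-slice cap is an assumption used to reject Java class files, which share the 0xCAFEBABE magic. It runs offline on any OS without Apple's `lipo` or `file`.

```python
"""List the CPU architectures a Mach-O file was built for (fat or thin)."""
import struct
import sys

# Constants from <mach-o/fat.h> and <mach/machine.h>.
FAT_MAGIC = 0xCAFEBABE      # fat header, always stored big-endian
FAT_MAGIC_64 = 0xCAFEBABF   # fat header variant with 64-bit offsets
MH_MAGIC_64 = 0xFEEDFACF    # 64-bit thin Mach-O, stored in target endianness
MH_MAGIC = 0xFEEDFACE       # 32-bit thin Mach-O
CPU_ARCH_ABI64 = 0x01000000
CPU_TYPE_X86_64 = 7 | CPU_ARCH_ABI64
CPU_TYPE_ARM64 = 12 | CPU_ARCH_ABI64
CPU_NAMES = {7: "i386", CPU_TYPE_X86_64: "x86_64", 12: "arm", CPU_TYPE_ARM64: "arm64"}

MAX_SLICES = 16  # assumption: no real universal binary carries more slices than this


def _thin_cputype(blob: bytes) -> int:
    """Return the cputype of a thin Mach-O header, trying both byte orders."""
    if len(blob) < 8:
        raise ValueError("truncated Mach-O header")
    for order in ("<", ">"):
        magic, cputype = struct.unpack(order + "II", blob[:8])
        if magic in (MH_MAGIC_64, MH_MAGIC):
            return cputype
    raise ValueError("slice does not start with a Mach-O magic")


def mach_o_architectures(data: bytes) -> list:
    """Return architecture names for a fat or thin Mach-O, in file order."""
    if len(data) < 8:
        raise ValueError("file too small to be Mach-O")
    magic, count = struct.unpack(">II", data[:8])
    if magic not in (FAT_MAGIC, FAT_MAGIC_64):
        cputype = _thin_cputype(data)
        return [CPU_NAMES.get(cputype, hex(cputype))]
    # 0xCAFEBABE is also the Java class-file magic; a class file puts its
    # version numbers where nfat_arch would be, so bound the slice count and
    # then insist that every declared slice actually begins with a Mach-O header.
    if count == 0 or count > MAX_SLICES:
        raise ValueError("implausible slice count %d (Java class file?)" % count)
    entry_fmt = ">IIQQII" if magic == FAT_MAGIC_64 else ">IIIII"  # fat_arch / fat_arch_64
    entry_len = struct.calcsize(entry_fmt)
    archs = []
    for i in range(count):
        start = 8 + i * entry_len
        entry = data[start:start + entry_len]
        if len(entry) < entry_len:
            raise ValueError("truncated fat_arch table")
        fields = struct.unpack(entry_fmt, entry)
        cputype, offset, size = fields[0], fields[2], fields[3]
        if offset + size > len(data):
            raise ValueError("slice %d extends past end of file" % i)
        if _thin_cputype(data[offset:offset + size]) != cputype:
            raise ValueError("slice %d cputype disagrees with its own header" % i)
        archs.append(CPU_NAMES.get(cputype, hex(cputype)))
    return archs


def targets_intel_and_apple_silicon(data: bytes) -> bool:
    """True when the file carries both an x86_64 and an arm64 slice."""
    return {"x86_64", "arm64"} <= set(mach_o_architectures(data))


def _thin_header(cputype: int) -> bytes:
    """Constructed minimal little-endian mach_header_64 (no load commands)."""
    # magic, cputype, cpusubtype, filetype=2 (MH_EXECUTE), ncmds, sizeofcmds, flags, reserved
    return struct.pack("<8I", MH_MAGIC_64, cputype, 3, 2, 0, 0, 0, 0)


def build_universal_sample() -> bytes:
    """Constructed universal binary with one x86_64 and one arm64 slice."""
    slices = [_thin_header(CPU_TYPE_X86_64), _thin_header(CPU_TYPE_ARM64)]
    offset = 8 + 20 * len(slices)  # slices follow the fat header and fat_arch table
    table = b""
    for s in slices:
        cputype = struct.unpack("<I", s[4:8])[0]
        table += struct.pack(">IIIII", cputype, 3, offset, len(s), 0)
        offset += len(s)
    return struct.pack(">II", FAT_MAGIC, len(slices)) + table + b"".join(slices)


if __name__ == "__main__":
    # Inspect a real file if one is given, otherwise the constructed sample.
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_universal_sample()
    print("architectures:", mach_o_architectures(blob))
    print("Intel + Apple Silicon:", targets_intel_and_apple_silicon(blob))
```

Run it against a suspicious download with `python3 macho_archs.py <file>`; the checks on slice offsets and per-slice magic mean a crafted header that claims slices it does not contain is rejected rather than reported.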
Lazarus Hackers’ Other Conquests
The Lazarus group recently made headlines for a string of campaigns against the cryptocurrency world. Last month alone, cyber-security researchers linked the group to the theft of digital tokens worth $100 million from Harmony, the crypto startup behind the Horizon blockchain bridge.
The group has also been blamed for several large cryptocurrency thefts amounting to more than $2 billion in total. In addition, reports said the group hacked the Ronin Bridge, causing losses of more than $540 million.
As usual, cryptocurrency was involved.