Fraudulent job lures used in new Lazarus macOS malware campaign

BleepingComputer reports that individuals in the cryptocurrency industry are being targeted by the North Korean state-sponsored threat group Lazarus in a new macOS malware campaign leveraging fraudulent Crypto.com job offers in an effort to exfiltrate cryptocurrency and other digital assets. Lazarus hackers have been communicating with targets regarding job openings in Crypto.com through a direct message on LinkedIn, with targets receiving a macOS binary purporting to be a PDG containing the job vacancies, according to a report from SentinelOne. However, second- and third-stage payload files are being deployed by an included binary in the background, with the second stage payload facilitating persistence agent loading and connecting to the command-and-control server prior to final payload retrieval, noted researchers. "The threat actors have made no effort to encrypt or obfuscate any of the binaries, possibly indicating short-term campaigns and/or little fear of detection by their targets," said SentinelOne, which noted that another company may be impersonated soon by Lazarus using similar attack elements.