The infamous Lazarus Group has continued its pattern of leveraging unsolicited job opportunities to deploy malware targeting Apple’s macOS operating system.
In the latest variant of the campaign observed by cybersecurity company SentinelOne last week, decoy documents advertising positions for the Singapore-based cryptocurrency exchange firm Crypto[.]com have been used to mount the attacks.
The latest disclosure builds on previous findings from Slovak cybersecurity firm ESET in August, which delved into a similar phony job posting for the Coinbase cryptocurrency exchange platform.
Both these fake job advertisements are just the latest in a series of attacks dubbed Operation In(ter)ception, which, in turn, is a constituent of a broader campaign tracked under the name Operation Dream Job.
Although the exact distribution vector for the malware remains unknown, it’s suspected that potential targets are singled out via direct messages on the business networking site LinkedIn.
images from Hacker News