Lazarus group Mac-based attack
8/6/2023

Korean APT Lazarus has launched a cyber-espionage campaign targeting engineers with a false job posting that attempts to spread macOS malware. The malicious Mac executable used in the campaign targets both Apple and Intel chip-based systems.

The campaign, identified by researchers from ESET Research Labs and revealed in a series of tweets posted Tues., impersonates cryptocurrency trader Coinbase in a job description claiming to seek an engineering manager for product security.

Dubbed Operation In(ter)ception, the recent campaign uses a signed Mac executable disguised as a job description for Coinbase, which researchers discovered had been uploaded to VirusTotal from Brazil.

“Malware is compiled for both Intel & Apple Silicon,” according to one of the tweets. “It drops 3 files: a decoy PDF document Coinbase_online_careers_2022_07.pdf, a bundle httpFinderFontsUpdaterapp & a downloader safarifontagent.”

The malware is similar to a sample discovered by ESET in May, which also included a signed executable disguised as a job description, was compiled for both Apple and Intel, and dropped a PDF decoy, researchers said.

Also, the most recent malware is signed July 21, according to its timestamp, which means it is either something new or a variant of the previous malware. … 2022 to a developer named Shankey Nohria & which was revoked by Apple on Aug.

Operation In(ter)ception also has a companion Windows version of the malware using the same decoy, seen on Aug. 4 by Malwarebytes threat intelligence researcher Jazi, according to ESET.