No, Coinbase doesn’t want to offer you a job - it’s a North Korean scam
Fake job offers are still a major threat
Infamous North Korean threat actor Lazarus Group has been spotted attempting to lure blockchain developers with fake job offers laden with malware.
Cybersecurity researchers from Malwarebytes have discovered a new campaign in which Lazarus assumes the identity of Coinbase, one of the world’s biggest and most popular cryptocurrency exchanges.
The criminals then reach out to blockchain developers with a job offer for the role of “Engineering Manager, Product Security”, and even conduct a few interviews to make the whole campaign more believable. At one point, however, the attackers will share a file, seemingly a PDF, with details on the alleged job position. The only thing this file has in common with a PDF is the icon, however, as it is in fact an executable: Coinbase_online_careers_2022_07.exe. Besides the .exe, the threat actor will also deploy a malicious DLL.
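Because the lure matches a PDF only by its icon, a mail or download gateway can classify such files by header bytes instead of by name or icon. The sketch below is an added example, not code from Malwarebytes or from the article; the function names, the sample byte strings and the verdict labels are assumptions made for illustration.

```python
import struct

IMAGE_FILE_DLL = 0x2000  # COFF Characteristics flag that marks a DLL

def make_pe_header(characteristics: int) -> bytes:
    """Constructed test input: a bare DOS + PE/COFF header with no code in it."""
    dos = bytearray(64)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)  # e_lfanew: offset of the PE signature
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 0, characteristics)
    return bytes(dos) + b"PE\x00\x00" + coff

def sniff(data: bytes) -> str:
    """Classify a file by its header bytes, ignoring its name and icon."""
    if len(data) >= 0x40 and data[:2] == b"MZ":
        (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
        if data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00" and len(data) >= e_lfanew + 24:
            # Characteristics is the last 2 bytes of the 20-byte COFF header
            (flags,) = struct.unpack_from("<H", data, e_lfanew + 22)
            return "pe-dll" if flags & IMAGE_FILE_DLL else "pe-exe"
    if b"%PDF-" in data[:1024]:  # PDF readers accept the marker near the file start
        return "pdf"
    return "unknown"

def triage(data: bytes, expected: str = "pdf") -> tuple:
    """Return (verdict, detected_kind) for a file received as a job description."""
    kind = sniff(data)
    if kind.startswith("pe-"):
        return ("block", kind)   # native code delivered where a document was promised
    if kind != expected:
        return ("review", kind)  # not the promised type; needs a human look
    return ("allow", kind)

if __name__ == "__main__":
    samples = {  # all contents below are constructed, not real samples
        "Coinbase_online_careers_2022_07.exe": make_pe_header(0x0002),
        "companion.dll": make_pe_header(0x0002 | IMAGE_FILE_DLL),  # hypothetical name
        "job_description.pdf": b"%PDF-1.7\n%constructed\n",
        "notes.txt": b"plain text",
    }
    for name, data in samples.items():
        print(f"{name}: {triage(data)}")
```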
Fake job offers galore
These files will then connect to GitHub, which serves as a command & control (C2) server and shares further instructions on how to best infect the endpoint.
The “fake job offer” type of attack is nothing new. In fact, the biggest crypto theft of all time, a $600 million-heavy attack on the Ronin bridge, happened in the same manner. One of Ronin’s developers was approached, via LinkedIn, by someone pretending to be a headhunter looking for quality developers.
One thing led to another, and the victim ended up downloading a weaponized PDF file which eventually gave the attackers the keys to Ronin’s kingdom.
The FBI pointed the finger at Lazarus Group for this attack as well. Regardless of whether it ends up being true or not, this threat actor is by no means a stranger to fake job offers. The group has already used General Dynamics and Lockheed Martin for the same purpose.
Lazarus usually attacks banks, cryptocurrency exchanges, NFT marketplaces, and sometimes people known for holding a heavy bag of cryptocurrencies.
Via: Bleeping Computer
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.