Lazarus Group cryptocurrency hackers infect MacOS computers

Researchers at cybersecurity company SentinelOne have reported that the North Korean hacker group Lazarus Group has started hunting for MacOS users looking for jobs in the crypto sector.

As it became known, the hackers created fake job ads on the Singaporean cryptocurrency exchange Crypto. com. People who have published their resumes to find a job are sent messages about fake vacancies with allegedly real links. If the user shows interest and opens the fraudulent link or downloads the document, the hackers infect their computer.

The scheme of attracting attention with fake jobs is not new to Lazarus Group. This is how hackers were able to steal $ 625 million from one of the largest Play2Earn games, Axie Infinity, thanks to spyware downloaded by one of the developers. The attackers sent job offers to Axie Infinity blockchain game developers via LinkedIn. The hacker plan was implemented thanks to one of the employees who was interested in the job offer (apparently from a fake company). The developer went through several stages of an online interview and then received a «job offer» letter in the form of a PDF document, which contained the software that allowed the hackers to take control of 4 out of 9 validators.