New information has led researchers to believe that the Lazarus threat actor group has expanded its campaign leveraging fake job opportunities to lure cryptocurrency professionals. The fake job profiles have been extended to cryptocurrency exchanges that mislead job seekers into downloading malware. The attack is targeting macOS users, according to security researchers. SentinelOne released a new report on the addition to the campaign, stating that the victims are initially contacted by fake profiles created by Lazarus on Linkedin messaging.
The original campaign was discovered last month after security researchers found that Lazarus was using Coinbase job openings to trick macOS users into downloading malicious content. The campaign has also expanded to include fraud job postings at Crypto.com. Lazarus has ties to the North Korean state and has been targeting cryptocurrency exchanges since 2018 via different methods of attack.
Read More: Lazarus Lures Aspiring Crypto Pros With Fake Exchange Job Postings