Infamous Lazarus hacking group targeting Mac users with fake job listings
Infamous North Korean hacking group Lazarus is attempting to target Apple Inc. Mac users via fake job offers. Detailed Aug. 16 by security researchers at ESET s.r.o on Twitter, the new Lazarus campaign involves phony emails impersonating Coinbase Inc. developer job listings. The fake job emails include an attachment containing malicious files that can compromise both Intel and Apple chip-powered Mac computers. The Mac malware drops three files: a decoy PDF document, a fake font updater app and a downloader called “safarifontagent.” The bundle of malicious files is timestamped July 21, indicating that the campaign is new, not part of previous Lazarus campaigns. That said, a certificate used to sign the malicious files was issued in February this year to a developer known as “Shankey Nohria.” Other differences in the new campaign include a previously known Lazarus downloader “safarifontagent” connecting to a different command and control server. The ESET researchers noted that the C&C server did not respond at the time they attempted to analyze the threat.