Start your day with intelligence. Get The OODA Daily Pulse.

APT Lazarus Targets Engineers with macOS Malware

North Korean advanced persistent threat actor Lazarus is leveraging the current popularity of the blockchain and cryptocurrency industry to target organizations and individuals running Apple and Intel-based systems. The cyber espionage campaign recently identified consists of Lazarus deploying fake job postings for Coinbase. The job posting contains a malicious Mac executable and was identified by ESET Research Labs. The organization posted a series of tweets on Tuesday explaining the campaign and how the threat actor impersonates Coinbase.

The illegitimate job posting advertises an open engineering manager role for product security, according to researchers. The campaign has been dubbed Operation In(ter)ception by security researchers. Researchers found that the malicious executable drops three files. One is a decoy PDF document claiming to be from Coinbase, a bundle, and a downloader. The malware is similar to another sample that was found by ESET in May. This sample was also identified being used in a similar campaign, however, the latest sample is dated July 21, meaning that it is likely a new version of an older model.

Read More: APT Lazarus Targets Engineers with macOS Malware