coinbase, cryptocurrency, fintech, lazarus group, north korea, social engineering

A new social engineering campaign by the notorious North Korean Lazarus hacking group has been discovered, with the hackers impersonating Coinbase to target employees in the fintech industry.

A common tactic the hacking group uses is to approach targets over LinkedIn to present a job offer and hold a preliminary discussion as part of a social engineering attack.

According to Hossein Jazi, a security researcher at Malwarebytes who has been following Lazarus activity closely since February 2022, the threat actors are now pretending to be from Coinbase, targeting candidates suitable for the role of “Engineering Manager, Product Security.”

Coinbase is one of the world’s largest cryptocurrency exchange platforms, allowing Lazarus to lay the ground for a lucrative and enticing job offer at a prestigious organization.

When victims download what they believe to be a PDF about the job position, they are actually getting a malicious executable using a PDF icon. In this case, the file is named “Coinbase_online_careers_2022_07.exe”; when executed, it displays the decoy PDF document shown below while also loading a malicious DLL.


Decoy PDF displayed when running fake PDF executable (@h2jazi)
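A file-type check that reads the file's headers instead of trusting its icon or name catches the masquerade described above. This is an added example, not code from Malwarebytes or the original article; the function names, verdict labels and sample bytes are constructed for illustration.

```python
import struct

PDF_MAGIC = b"%PDF-"
IMAGE_FILE_DLL = 0x2000  # COFF Characteristics bit that marks a DLL


def sniff(data: bytes) -> str:
    """Classify content as 'pdf', 'pe-exe', 'pe-dll' or 'unknown' from its headers."""
    if data.startswith(PDF_MAGIC):
        return "pdf"
    if len(data) >= 0x40 and data[:2] == b"MZ":
        (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of "PE\0\0"
        # The PE signature (4 bytes) plus COFF header (20 bytes) must fit in the buffer.
        if e_lfanew + 24 <= len(data) and data[e_lfanew:e_lfanew + 4] == b"PE\0\0":
            (flags,) = struct.unpack_from("<H", data, e_lfanew + 22)
            return "pe-dll" if flags & IMAGE_FILE_DLL else "pe-exe"
    return "unknown"


def triage(filename: str, data: bytes) -> str:
    """Verdict for a file that was presented to the user as a PDF document."""
    kind = sniff(data)
    has_pdf_ext = filename.lower().endswith(".pdf")
    if kind in ("pe-exe", "pe-dll"):
        return "block"       # program code delivered as a document, whatever the icon or name
    if kind == "pdf" and has_pdf_ext:
        return "consistent"  # type matches the claim; the PDF still needs content scanning
    return "review"          # unknown content, or a PDF behind a non-PDF extension


def fake_pe(dll: bool = False) -> bytes:
    """Constructed 88-byte header stub, enough for sniff(); not a working program."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 0, IMAGE_FILE_DLL if dll else 0x0002)
    return dos + b"PE\0\0" + coff


if __name__ == "__main__":
    samples = {  # constructed inputs; only the first file name comes from the article
        "Coinbase_online_careers_2022_07.exe": fake_pe(),
        "offer_details.pdf": fake_pe(dll=True),
        "job_description.pdf": b"%PDF-1.7\n%constructed sample\n",
        "notes.pdf": b"plain text, no recognised header",
    }
    for name, blob in samples.items():
        print(f"{name:40} {sniff(blob):8} {triage(name, blob)}")
```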

Once executed, the malware will use GitHub as a command and control server to receive commands to perform on the infected device.

This attack chain is similar to one documented by Malwarebytes in a blog post at the start of the year.

Jazi told Bleeping Computer that Lazarus follows similar tactics and methods to infect their targets with malware, and the individual phishing campaigns feature infrastructure overlaps.

Other campaigns conducted by Lazarus in the past using fake job offers were for General Dynamics and Lockheed Martin.

Lazarus hackers targeting crypto

State-sponsored North Korean hacking groups are known for launching financially motivated attacks against banks, cryptocurrency exchanges, NFT marketplaces, and individual investors with significant holdings.

Earlier in the year, U.S. intelligence services warned about Lazarus spreading trojanized cryptocurrency wallets and investment apps that steal people’s private keys and siphon their holdings.

In April, the U.S. Treasury and the FBI linked stolen cryptocurrency from the blockchain-based game Axie Infinity to Lazarus, holding them responsible for stealing over $617 million worth of Ethereum and USDC tokens.

As revealed later, in July, the Axie Infinity hack was made possible thanks to a laced PDF file that supposedly contained the details of a lucrative job offer sent to one of the blockchain’s engineers.

Opening the file infected the engineer’s computer, enabling Lazarus to raise their privileges and move laterally in the firm’s network, eventually locating a vulnerability in the Ronin Bridge and triggering an exploit.

This same type of attack is likely what Lazarus is hoping to achieve in the latest Coinbase-lured campaign, as it would only take a single person in a company to open the PDF and enable the hackers to gain initial access to the corporate network.
