Researchers at SentinelOne have warned that North Korea’s Lazarus Group is using phony Crypto.com job offers to distribute macOS malware. The researchers aren’t sure how the lures are being distributed, but they suspect the attackers are sending spear phishing messages on LinkedIn.
SentinelOne notes that this campaign “appears to be extending the targets from users of crypto exchange platforms to their employees in what may be a combined effort to conduct both espionage and cryptocurrency theft.”
“Back in August,” SentinelOne’s report says, “researchers at ESET spotted an instance of Operation In(ter)ception using lures for job vacancies at cryptocurrency exchange platform Coinbase to infect macOS users with malware. In recent days, SentinelOne has seen a further variant in the same campaign using lures for open positions at rival exchange Crypto.com.
”The campaign seems to represent a kind of twofer for Pyongyang. On the one hand, it’s intended to enable cryptocurrency theft, and this is desirable as a way of redressing North Korea’s chronic shortage of funds, driven by decades of sanctions and isolation. On the other hand, it’s also useful for espionage. They’re interested in prospecting both users and employees of cryptocurrency exchanges. There’s continuity with earlier efforts that targeted cryptocurrency exchanges, notably 2018’s AppleJeus campaign.
We’ve seen this kind of thing before. Note in particular the abuse of generally trusted platforms like LinkedIn that cater to professionals and the advancement of their careers. New-school security awareness training can teach your employees to recognize phishing and other social engineering attacks. The world of cryptocurrency may not (quite) be the Wild West, but it’s not a safe corner of cyberspace, either.
Don’t get hacked by social media phishing attacks!
Many of your users are active on Facebook, LinkedIn, and Twitter. Cybercriminals use these platforms to scrape profile information of your users and organization to create targeted spear phishing campaigns in an attempt to hijack accounts, damage your organization's reputation, or gain access to your network.
KnowBe4’s Social Media Phishing Test is a complimentary IT security tool that helps you identify which users in your organization are vulnerable to these types of phishing attacks that could put your users and organization at risk.
Here's how the Social Media Phishing Test works:
Immediately start your test with your choice of three social media phishing templates
Choose the corresponding landing page your users see after they click
Show users which red flags they missed or send them to a fake login page
Get a PDF emailed to you in 24 hours with your percentage of clicks and data entered
Get in touch to find out more!