A large crypto exchange has been targeted by North Korean hackers – are user funds safe?


North Korean hackers are luring cryptocurrency experts with bogus job offers that claim to come from Coinbase.

Lazarus hackers targeting Crypto

The North Korean hacking group Lazarus has been discovered to be behind a campaign targeting companies in the fintech (financial technology) industry, according to Bleeping Computer.

The hackers approach targets on LinkedIn and start conversations that lead to a job offer, clearly part of a social engineering attack.

Many applicants will naturally be interested in adding Coinbase to their resumes, since it is one of the largest cryptocurrency exchange companies. If the attack succeeds, however, an untold number of crypto wallets will be seized and stolen.

Members of the cybergang are posing as Coinbase employees, according to Hossein Jazi, a security researcher at Malwarebytes. The scammers approach potential victims by offering them the role of “Engineering Manager, Product Security.”

Attempted Attack on Coinbase

If they fall for the fake job offer, the individual will eventually be asked to download a PDF containing detailed information about the job. In reality, the file is a malicious executable that uses a PDF icon to trick people into thinking it is a legitimate document.

To anyone who doesn’t know better, the file looks innocent: it is named Coinbase_online_careers_2022_07.exe. It loads malicious DLL code onto the target’s system along with a fake PDF document created by the threat actors.

Once the malware has been successfully deployed onto a computer, GitHub serves as its command center, and the malware has free rein to exploit the compromised device after receiving commands from GitHub.
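A defensive check for the trick described above, written as an added example that is not from the article or from the researchers it cites: it classifies a received "job description" by its leading bytes instead of its name or icon. The lure-word list, the function names and the header stub are assumptions constructed for illustration; only the file name Coinbase_online_careers_2022_07.exe comes from the article.

```python
import struct

# Assumption: lure words picked for this example; they are not indicators from the article.
LURE_WORDS = ("career", "job", "offer", "resume", "salary")
DOC_EXTS = (".pdf", ".doc", ".docx")

def sniff(data: bytes) -> str:
    """Classify content by its magic bytes, ignoring file name and icon."""
    if data.startswith(b"%PDF-"):
        return "pdf"
    if data[:2] == b"MZ" and len(data) >= 0x40:
        # DOS header field e_lfanew (offset 0x3C) points at the "PE\0\0" signature.
        (pe_off,) = struct.unpack_from("<I", data, 0x3C)
        if data[pe_off:pe_off + 4] == b"PE\x00\x00":
            return "pe"
    return "other"

def triage(filename: str, data: bytes) -> str:
    """Verdict for a file that was delivered as a 'job description'."""
    kind = sniff(data)
    name = filename.lower()
    stem = name.rpartition(".")[0]
    if kind == "pe":
        if name.endswith(DOC_EXTS) or stem.endswith(DOC_EXTS):
            return "block: executable with a document extension"
        if any(word in name for word in LURE_WORDS):
            return "block: executable with a document-themed name"
        return "review: executable"
    if kind == "pdf" and name.endswith(".pdf"):
        return "ok: PDF content matches name"
    return "review: content does not match name"

def pe_stub() -> bytes:
    """Constructed sample: the smallest header that sniff() accepts as PE."""
    return b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40) + b"PE\x00\x00"

if __name__ == "__main__":
    samples = [
        ("Coinbase_online_careers_2022_07.exe", pe_stub()),  # name from the article
        ("job_description.pdf", b"%PDF-1.7\n"),              # constructed
        ("job_description.pdf.exe", pe_stub()),              # constructed
    ]
    for fname, blob in samples:
        print(f"{fname}: {triage(fname, blob)}")
```

A PDF icon is stored inside the executable's resources and says nothing about the file's type, which is why the check reads the header bytes.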

Over $617 Million Stolen

In the past, US intelligence agencies warned that Lazarus had been distributing cryptocurrency wallets and investment apps infected with trojans, enabling the group to steal private keys. The group’s efforts have paid off: the FBI found that it stole cryptocurrency worth over $617 million at one point.

In that particular case, the attack was connected to a blockchain-based game, which fell victim to a deceptive PDF sent to one of the blockchain’s engineers as a job offer. Lazarus exploited a security flaw as soon as the file was opened, infecting the individual’s system as a result.

Whatever the case may be, it’s a scary prospect: opening one PDF file could compromise the entire network. Considering the number of crypto transactions handled by Coinbase, it is impossible to imagine what financial impact Lazarus would have on the company.

Until further notice, it might be a good idea not to open any documents if you are approached by someone claiming to be from Coinbase.
