Lazarus Lures Aspiring Crypto Pros With Fake Exchange Job Postings

Previously observed using fake Coinbase jobs, the North Korea-sponsored APT has expanded into using Crypo.com gigs as cover to distribute malware.

1 Min Read
Photo illustration of golden cryptocurrency token
Source: Klaus Ohlenschlaeger via Alamy Stock Photo

Researchers are warning that Lazarus has expanded its campaign using fake jobs with cryptocurrency exchanges to trick macOS users into downloading malware.

Just last month, researchers observed Lazarus using Coinbase job openings to trick macOS users into downloading malware. Now, SentinelOne says the same threat group has expanded its phishing campaign to include fraud job postings at another cryptocurrency exchange, Crypto.com.

According to the SentinelOne report on the new crypto job lure, the additional victims were initially contacted by Lazarus through LinkedIn messaging.

Lazarus is an advanced persistent threat (APT) group with ties to the North Korean state. SentinelOne pointed out that the attack group has been targeting cryptocurrency exchanges since 2018, and has specifically used fake cryptocurrency exchange jobs as lures since 2020.

"The Lazarus (aka Nukesped) threat actor continues to target individuals involved in cryptocurrency exchanges," the SentinelOne researchers wrote. "This has been a long-running theme going as far back as the AppleJeus campaigns that began in 2018."

About the Author

Becky Bracken, Senior Editor, Dark Reading

Dark Reading

Becky Bracken is a veteran multimedia journalist covering cybersecurity for Dark Reading.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights