Hacker Group Lazarus Targets Users Via Coinbase Job Posts

• The malware campaign prompts members of the crypto community to download a PDF.
• Lazarus is a hacker group supported financially by the North Korean government.

Crypto.com, a cryptocurrency exchange, has been the latest victim of a hacking group called Lazarus.

According to a report by cyber security company Sentinel One. The malware campaign prompts members of the crypto community to download a PDF document. Advertising available positions at Crypto.com, such as an Art Director position in Singapore.

When a potential employee clicks on a link for a PDF job description. They may be tricked into downloading malware that may steal their personal information and even bank details. In a separate operation, Lazarus sent direct message job offers on LinkedIn to people they hoped would be interested in working as Engineering Managers for Coinbase’s Product Security teams in August.

26-page PDF Document

Three files containing the virus were packaged together. And presented as a resume for a position at Coinbase, as shown by security company ESET. While the group’s precise goals remain a mystery, it is widely believed that acquiring access to cryptocurrency cash and private information on exchanges is a top concern.

Lazarus’s standard method of contact is a LinkedIn direct message offering the recipient a high-paying position at a major corporation. Following the same pattern as prior macOS operations, the hackers sent a binary file that falsely claimed to be a PDF and included a 26-page PDF file entitled “Crypto.com Job Opportunities 2022 confidential.pdf,” purporting to provide open positions at Crypto.com in 2022.

Lazarus, a hacker group supported financially by the North Korean government, is suspected of stealing over $600 million worth of currencies from cryptocurrency firms.

Recommended For You:

Hackers Bag $160 Million in Wintermute DeFi Exploit