No, Coinbase doesn't want to offer you a job - it's a North Korean scam

Infamous North Korean threat actor Lazarus Group has been spotted attempting to lure blockchain developers with fake job offers laden with ...

Infamous North Korean threat actor Lazarus Group has been spotted attempting to lure blockchain developers with fake job offers laden with malware

Cybersecurity researchers from Malwarebytes have discovered a new campaign in which Lazarus assumes the identity of Coinbase, one of the world’s biggest and most popular cryptocurrency exchanges.

The criminals then reach out to blockchain developers with a job offer for the role of “Engineering Manager, Product Security", and even conduct a few interviews, to make the whole campaign more believable. At one point, however, the attackers will share a file, seemingly a PDF, with details on the alleged job position. The only thing this file has with a PDF is the icon, however, as it’s, in fact, an executable - Coinbase_online_careers_2022_07.exe. Besides the .exe, the threat actor will also deploy a malicious DLL.

Fake job offers galore

These files will then connect to GitHub, which servers as a command & control (C2) server, which shares further instructions on how to best infect the endpoint

The “fake job offer” type of attack is nothing new. In fact, the biggest crypto theft of all time, a $600 million-heavy attack on the Ronin bridge, happened in the same manner. One of Ronin’s developers was approached, via LinkedIn, by someone pretending to be a headhunter looking for quality developers.

One thing led to another, and the victim ended up downloading a weaponized PDF file which eventually gave the attackers the keys to Ronin’s kingdom. 

The FBI pointed its finger to Lazarus Group for this attack, as well. Regardless of if it ends up being true or not, this threat actor is by no means a stranger to fake job offers. The group has already used General Dynamics and Lockheed Martin for the same purpose. 

Lazarus usually attacks banks, cryptocurrency exchanges, NFT marketplaces, and sometimes people known for holding a heavy bag of cryptocurrencies.

Via: Bleeping Computer



from TechRadar - All the latest technology news https://ift.tt/NRoyXsk
via IFTTT

COMMENTS

BLOGGER
Name

Apps,3858,Business,151,Camera,1155,Earn $$$,3,Gadgets,1741,Games,926,GTA,1,Innovations,3,Mobile,1697,Paid Promotions,5,Promotions,5,Sports,1,Technology,8106,Trailers,796,Travel,37,Trending,4,Trendly News,25335,TrendlyNews,108,Video,5,XIAOMI,13,YouTube - 9to5Google,107,
ltr
item
Trendly News | #ListenNow #Everyday #100ShortNews #TopTrendings #PopularNews #Reviews #TrendlyNews: No, Coinbase doesn't want to offer you a job - it's a North Korean scam
No, Coinbase doesn't want to offer you a job - it's a North Korean scam
Trendly News | #ListenNow #Everyday #100ShortNews #TopTrendings #PopularNews #Reviews #TrendlyNews
http://www.trendlynews.in/2022/08/no-coinbase-doesnt-want-to-offer-you.html
http://www.trendlynews.in/
http://www.trendlynews.in/
http://www.trendlynews.in/2022/08/no-coinbase-doesnt-want-to-offer-you.html
true
3372890392287038985
UTF-8
Loaded All Posts Not found any posts VIEW ALL Readmore Reply Cancel reply Delete By Home PAGES POSTS View All RECOMMENDED FOR YOU LABEL ARCHIVE SEARCH ALL POSTS Not found any post match with your request Back Home Sunday Monday Tuesday Wednesday Thursday Friday Saturday Sun Mon Tue Wed Thu Fri Sat January February March April May June July August September October November December Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec just now 1 minute ago $$1$$ minutes ago 1 hour ago $$1$$ hours ago Yesterday $$1$$ days ago $$1$$ weeks ago more than 5 weeks ago Followers Follow THIS PREMIUM CONTENT IS LOCKED STEP 1: Share. STEP 2: Click the link you shared to unlock Copy All Code Select All Code All codes were copied to your clipboard Can not copy the codes / texts, please press [CTRL]+[C] (or CMD+C with Mac) to copy