Cybersecurity researchers have found malware hidden inside a PDF posing as a job offer. Apple Mac users are at risk from this malware. Here are the details.
Cybersecurity researchers have discovered a new phishing attack that deploys dangerous malware to macOS devices. Until now, this malware was limited to the Windows platform, but in the latest development, security researchers at cybersecurity company ESET found that North Korean hackers from the Lazarus group have been using a malicious file for macOS to lure employees in the financial technology sector.
In the past, the Lazarus group's hackers have used several tactics to create fake job offers, and recently they used a malware-laden PDF file presented as details about a hiring position at Coinbase. The fake document, named “Coinbase_online_careers_2022_07”, was created to attract the attention of job seekers and loaded a malicious DLL on the device, which ultimately allows the hackers to take control of the infected device. ESET has also found that the malware is ready to infect macOS systems.
Who is under threat from this malware?
“A signed Mac executable disguised as a job description for Coinbase was uploaded to VirusTotal from Brazil. This is an instance of Operation In(ter)ception by #Lazarus for Mac,” the cybersecurity researchers said in a tweet. They added that the malicious PDF file is compiled for Macs with both Intel and Apple silicon. This means your Mac is at risk whether it is a newer or an older model.
Once the malware reaches your device, it drops three files on your system: the bundle FinderFontsUpdater.app, the downloader safarifontagent, and a decoy PDF called “Coinbase_online_careers_2022_07”. The researchers noted that the fake document was signed on July 21.
However, this is not the first time that the Lazarus group has targeted Mac users. Last year, a similar campaign targeting macOS users was identified; it used the same fake job offer tactic but with a different PDF file.
Thankfully, Apple revoked the certificate on August 12, the ESET cybersecurity team confirmed. However, the application was not notarized; notarization is an automatic process that Apple uses to check software for malicious components.