APT Lazarus Aims Mac Malware at Engineers

The North Korean APT is conducting a cyberespionage campaign against users of Apple and Intel-based systems using a bogus Coinbase job posting.

The North Korean APT Lazarus is up to its old tricks with a cyberespionage campaign aimed at engineers, using a fake job posting to spread macOS malware. The campaign’s malicious Mac executable targets both Apple and Intel chip-based systems.

The campaign, identified by researchers from ESET Research Labs and disclosed in a series of tweets published on Tuesday, impersonates cryptocurrency exchange Coinbase in a job posting claiming to be seeking an engineering manager for product security.

The recent campaign, dubbed Operation In(ter)ception, distributes a signed Mac executable disguised as a Coinbase job description, which researchers found uploaded to VirusTotal from Brazil, they wrote. “Malware is compiled for both Intel and Apple Silicon,” according to one of the tweets. “It drops three files: Coinbase online careers 2022 07.pdf, http://FinderFontsUpdater.app, and safarifontagent.”
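As an added example (not from ESET or the original article), the Python sketch below shows how a defender can confirm that a file presented as a document is really a Mach-O executable and whether it carries both Intel and Apple Silicon slices. The sample names and bytes are constructed and the listed document suffixes are an assumption; the magic and CPU-type constants come from Apple's Mach-O headers.

```python
import struct

# Constants from Apple's <mach-o/fat.h>, <mach-o/loader.h>, <mach/machine.h>.
FAT_MAGIC = 0xCAFEBABE  # universal (fat) header, big-endian on disk
THIN_MAGICS = {b"\xcf\xfa\xed\xfe": "<", b"\xfe\xed\xfa\xcf": ">"}  # 64-bit Mach-O
CPU_NAMES = {0x01000007: "x86_64", 0x0100000C: "arm64"}
DOC_SUFFIXES = (".pdf", ".doc", ".docx", ".rtf")  # assumed lure extensions


def macho_archs(data):
    """Return CPU architectures of a Mach-O image, or [] if it is not one."""
    if len(data) < 8:
        return []
    if data[:4] in THIN_MAGICS:
        (cputype,) = struct.unpack(THIN_MAGICS[data[:4]] + "I", data[4:8])
        return [CPU_NAMES.get(cputype, "other")]
    magic, nfat = struct.unpack(">II", data[:8])
    # Java .class files share 0xCAFEBABE, but their next field is a version
    # number (>= 45), so a small slice count tells the two apart (heuristic).
    if magic != FAT_MAGIC or not 0 < nfat < 20 or len(data) < 8 + 20 * nfat:
        return []
    # Each fat_arch entry: cputype, cpusubtype, offset, size, align (5 x u32).
    return [CPU_NAMES.get(struct.unpack_from(">I", data, 8 + 20 * i)[0], "other")
            for i in range(nfat)]


def triage(name, data):
    """Flag content that is Mach-O although the name suggests a document."""
    archs = macho_archs(data)
    is_doc_name = name.lower().endswith(DOC_SUFFIXES)
    return {"archs": archs, "universal": {"x86_64", "arm64"} <= set(archs),
            "disguised_executable": bool(archs) and is_doc_name}


def build_fat_header(cputypes):
    """Constructed sample: a fat header only, with no real slices behind it."""
    hdr = struct.pack(">II", FAT_MAGIC, len(cputypes))
    for i, cpu in enumerate(cputypes):
        hdr += struct.pack(">5I", cpu, 0, 0x4000 * (i + 1), 0x1000, 14)
    return hdr


if __name__ == "__main__":
    samples = {  # constructed names and bytes, not real campaign files
        "job_description_sample.pdf": build_fat_header([0x01000007, 0x0100000C]),
        "real_document.pdf": b"%PDF-1.7\n% constructed sample\n",
    }
    for name, blob in samples.items():
        print(triage(name, blob))
```

On a Mac, the same triage normally continues with the platform's own signature and notarization checks, which this header-only parser does not attempt.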

Similarities with Earlier Malware

The malware is comparable to a sample discovered by ESET in May, which contained a signed executable disguised as a job description, was compiled for both Apple and Intel, and dropped a PDF decoy, according to researchers.

According to its timestamp, the most recent malware was signed on July 21, indicating that it is either something new or a variant of the previous malware. It uses a certificate issued to a developer named Shankey Nohria in February 2022 and revoked by Apple on August 12, according to researchers. The application was not notarized.

According to ESET, a Windows variant of Operation In(ter)ception dropping the same decoy was discovered on August 4 by Malwarebytes threat intelligence researcher Jazi.

The campaign malware connects to a different command and control (C2) infrastructure than the malware discovered in May, https:[//]concrecapital[.]com/%user%[.]jpg, which researchers were unable to connect to.

Lazarus is on the Run

Lazarus is widely recognized as one of the most prolific APTs and is already in the sights of international authorities, having been sanctioned by the U.S. government in 2019.

Lazarus is notorious for targeting academics, journalists, and professionals from various industries, especially the defense industry, in order to collect intelligence and financial support for Kim Jong-un’s regime. It has frequently employed impersonation techniques similar to those observed in Operation In(ter)ception to lure victims into downloading malware.

An earlier spear-phishing campaign identified in January also targeted job-seeking engineers by luring them with false employment opportunities. The attacks used Windows Update as a living-off-the-land technique and GitHub as a C2 server.

Lazarus impersonated defense contractors Boeing and General Motors in a similar campaign uncovered the previous year, claiming to be seeking job candidates while spreading malicious documents.

Changing It Up

However, Lazarus has recently diversified its tactics, with the feds revealing that the group is also responsible for a number of crypto heists aimed at bolstering Kim Jong-un’s regime financially.

In relation to this activity, the U.S. government imposed sanctions on the cryptocurrency mixer service Tornado Cash for assisting Lazarus in laundering proceeds from its cybercriminal activities, which the government believes are being used in part to finance North Korea’s missile program.

Lazarus has even experimented with ransomware as part of its cyberextortion frenzy. In May, researchers at the cybersecurity company Trellix connected the newly discovered VHD ransomware to the North Korean APT.

Why Trust Us?

Best Top Reviews Online was founded in 2018 to provide our readers with thorough, unbiased, and independent advice on what to buy. We now have millions of monthly users from all over the world and evaluate over 1,000 products per year.

The article above was written by the BestTopReviewsOnline team, which includes many of the US’s most knowledgeable technical experts. Our team includes well-known writers with extensive experience in mobile phones, computing, technology, photography, and other fields.
