30 September 2022  — 
Eric Swotinsky

Lazarus APT dangles job offers as lure

The Lazarus APT group is using job offers as a lure to infect people in their latest campaign. The threat actors are sending out messages that proport to contain a job offer from the Crypto.com financial exchange company.

The supposed offer letter is in the form of a PDF. But in opening this file, the victim is instead delivered a dropper malware for MacOS. This malware is signed with an ad-hoc signature in order to bypass Apples Gatekeeper.

In another campaign reported by Microsoft, the Lazarus group trojanized legitimate open-source tools such as PuTTY, KiTTY, TightVNC and Sumatra PDF Reader, and distributed them over social media channels.

The AI-powered and behavioral detection engines in Acronis Cyber Protect Cloud detect and block malware on macOS as well as Windows-based systems, keeping them safe from threats and protecting valuable data.