The Lazarus APT group is using job offers as a lure to infect people in its latest campaign. The threat actors are sending out messages that purport to contain a job offer from the Crypto.com financial exchange company.
The supposed offer letter is in the form of a PDF. When the victim opens this file, however, it delivers dropper malware for macOS instead. This malware is signed with an ad-hoc signature in order to bypass Apple's Gatekeeper.
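For defenders triaging a downloaded macOS binary, the ad-hoc signature mentioned above is visible in the output of `codesign -dvv`. The following is an added example, not code from the report or from any vendor; the sample outputs, paths and identifiers are constructed for illustration, and the function names are hypothetical.

```python
import re

# Constructed `codesign -dvv` outputs for illustration (not campaign samples).
ADHOC = """Executable=/Users/test/Downloads/offer.app/Contents/MacOS/offer
Identifier=offer-55554944
Format=Mach-O thin (x86_64)
CodeDirectory v=20400 size=512 flags=0x2(adhoc) hashes=9+2 location=embedded
Signature=adhoc
Info.plist=not bound
TeamIdentifier=not set
"""
DEVID = """Executable=/Applications/Example.app/Contents/MacOS/Example
Identifier=com.example.app
CodeDirectory v=20500 size=1024 flags=0x10000(runtime) hashes=21+7 location=embedded
Authority=Developer ID Application: Example Corp (ABCDE12345)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
TeamIdentifier=ABCDE12345
"""
UNSIGNED = "/tmp/tool: code object is not signed at all\n"

def parse_codesign(text):
    """Return key=value fields; Authority repeats, so it is kept as a list."""
    fields = {"Authority": []}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if not sep:
            continue
        if key == "Authority":
            fields["Authority"].append(value)
        else:
            fields.setdefault(key, value)
    m = re.search(r"flags=0x[0-9a-fA-F]+\(([^)]*)\)", text)
    fields["flags"] = m.group(1).split(",") if m else []
    return fields

def classify(text):
    """Label a signature: unsigned, adhoc, developer-id, or other."""
    if "not signed at all" in text:
        return "unsigned"
    f = parse_codesign(text)
    # Ad-hoc: a code hash with no certificate chain and no team identifier.
    if f.get("Signature") == "adhoc" or "adhoc" in f["flags"]:
        return "adhoc"
    if f["Authority"] and f["Authority"][0].startswith("Developer ID Application:"):
        return "developer-id"
    return "other"

if __name__ == "__main__":
    for name, sample in (("adhoc", ADHOC), ("devid", DEVID), ("unsigned", UNSIGNED)):
        print(name, "->", classify(sample))
```

Ad-hoc signatures are also normal for locally compiled binaries, so treat the "adhoc" label as a triage signal to combine with where the file came from, not as a verdict on its own.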
In another campaign reported by Microsoft, the Lazarus group trojanized legitimate open-source tools such as PuTTY, KiTTY, TightVNC and Sumatra PDF Reader, and distributed them over social media channels.
The AI-powered and behavioral detection engines in Acronis Cyber Protect Cloud detect and block malware on macOS as well as Windows-based systems, keeping them safe from threats and protecting valuable data.