Infamous Lazarus hacking group targeting Mac users with fake job listings

Fake employment offers are being used by notorious North Korean hacking outfit Lazarus to target Apple Inc. Mac users.

The new Lazarus effort, which was described on Twitter on August 16 by security experts at ESET s.r.o., involves bogus emails pretending to be developer job postings from Coinbase Inc.

The bogus job emails contain an attachment with harmful malware that can damage Macs with Intel or Apple processors.

Three items are downloaded by the Mac malware: a phoney PDF file, a font updater software, and a downloader dubbed "safarifontagent."

The malicious file bundle has a timestamp of July 21, indicating that it is a brand-new campaign and not a continuation of earlier Lazarus attacks.

Nevertheless, a developer going by the name of "Shankey Nohria" was given a certificate in February of this year that was used to sign the malicious files.

A well-known Lazarus downloader named "safarifontagent" connected to a separate command and control server is one of the new campaign's other changes.

The C&C server was silent when the ESET experts tried to investigate the threat, they said.

The Lazarus Group regularly targets victims. The organisation is most known for spreading WannaCry ransomware in 2017, but has resurfaced since then.