The North Korean Sponsored Hacking Group Lazarus Has Its Targets Set on MacOS, and They're Targeting Those Interested in Cryptocurrencies

The Lazarus Group is a cybercrime and hacking group run by the North Korean state. They have been responsible for various cyberattacks between 2010 and the present day. Their latest target is now MacOS users.

The hacking group's latest campaign uses fake job offers that appear to come from the cryptocurrency exchange platform Crypto.com. These job offers look incredibly beneficial and tempting to many, especially those involved in cryptocurrency.

The attack starts when the victim runs a Mach-O binary containing a malware dropper that opens a fake job listing from Crypto.com. While the dropper shows the victim the job offer, it deletes the terminal's saved state in the background.

The downloader acts as a conduit for a bare-bones second-stage bundle named "WifiAnalyticsServ.app." The attackers use an innocuous bundle name to avoid detection by the victim. It is unclear what final payload is delivered to the compromised machine, because the C2 server that hosted the malware files is currently offline.
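A defender-side check for the bundle name mentioned above, as an added example that is not from the original article: it walks the directories given on the command line and, for each bundle named WifiAnalyticsServ.app, reports its path, bundle identifier and executable hash. The sample bundle, its identifier `example.constructed.id` and the `stub` executable are constructed for the demonstration and are not real indicators.

```python
import hashlib, os, plistlib, sys, tempfile
from pathlib import Path
from xml.parsers.expat import ExpatError

INDICATOR = "wifianalyticsserv.app"  # bundle name from the article, lower-cased

def triage_bundle(bundle):
    """Collect what a responder wants from one matching bundle."""
    info = {"path": str(bundle), "bundle_id": None, "sha256": None}
    try:
        with open(bundle / "Contents" / "Info.plist", "rb") as f:
            data = plistlib.load(f)
    except (OSError, ValueError, ExpatError):
        return info  # missing or malformed plist: still report the path
    if not isinstance(data, dict):
        return info
    info["bundle_id"] = data.get("CFBundleIdentifier")
    exe = bundle / "Contents" / "MacOS" / str(data.get("CFBundleExecutable", ""))
    if exe.is_file():
        info["sha256"] = hashlib.sha256(exe.read_bytes()).hexdigest()
    return info

def scan(roots):
    """Walk each root and triage every directory whose name matches INDICATOR."""
    hits = []
    for root in roots:
        for dirpath, dirnames, _ in os.walk(root):
            for d in dirnames:
                if d.lower() == INDICATOR:  # case-insensitive name match
                    hits.append(triage_bundle(Path(dirpath) / d))
    return hits

def build_constructed_sample(root):
    """Create a harmless stand-in bundle (constructed data, not the real malware)."""
    macos = Path(root) / "Library" / "WifiAnalyticsServ.app" / "Contents" / "MacOS"
    macos.mkdir(parents=True)
    (macos / "stub").write_bytes(b"constructed placeholder")
    with open(macos.parent / "Info.plist", "wb") as f:
        plistlib.dump({"CFBundleIdentifier": "example.constructed.id",
                       "CFBundleExecutable": "stub"}, f)
    (Path(root) / "Applications" / "Notes.app").mkdir(parents=True)  # benign control

if __name__ == "__main__":
    if sys.argv[1:]:
        results = scan(sys.argv[1:])  # directories chosen by the operator
    else:
        with tempfile.TemporaryDirectory() as tmp:  # offline demo on constructed data
            build_constructed_sample(tmp)
            results = scan([tmp])
    for hit in results:
        print(hit)
```

A name match is a lead for triage rather than proof of compromise, since the name was chosen to look innocuous.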

As MacOS users are being targeted heavily through this scam, it is important to keep yourself as protected as possible. Some tips recommended by the top cybersecurity experts include: