This latest variant of the campaign is being scrutinised by the cybersecurity company SentinelOne.
The cybersecurity company found out that the hacker group used decoy documents for advertising positions for the Singapore-based cryptocurrency exchange platform called Crypto.com and is carrying out the hacks accordingly.
The latest variant of the hacking campaign has been called “Operation In(ter)ception”. Reportedly, the phishing campaign only targets Mac users by far.
The malware used for the hacks has been found to be identical to the ones used in fake Coinbase job postings.
Last month, researchers observed and found out that Lazarus used fake Coinbase job openings to trick only macOS users into downloading malware.
This has been considered to be an orchestrated hack. These hackers have camouflaged malware as job postings from popular crypto exchanges.
This is conducted by using well-designed and legitimate-seeming PDF documents displaying advertising vacancies for various positions, such as Art Director-Concept Art (NFT) in Singapore.
According to a report from SentinelOne, this new crypto job lure included targeting other victims by contacting them on LinkedIn messaging by Lazarus.
Providing additional details regarding the hacker campaign, SentinelOne stated,
Although it is not clear at this stage how the malware is being distributed, earlier reports suggested that threat actors were attracting victims via targeted messaging on LinkedIn.
These two fake job advertisements are just the latest in a host of attacks which have been called Operation In(ter)ception, and which in turn is a part of a broader campaign which falls under the broader hacking operation called Operation Dream Job.