Researchers at cyber-security firm ESET posted a screenshot on Twitter that showed fake job listings from leading crypto exchange
The fake job listing was for an engineering manager, product security, at Coinbase.
"A signed Mac executable disguised as a job description for Coinbase was uploaded to VirusTotal from Brazil. This is an instance of Operation by Lazarus for Mac," the ESET researchers posted in a tweet.
The fake job emails have an attachment containing malicious files that can compromise both Intel and Apple chip-powered Mac computers.
"Malware is compiled for both Intel and Apple Silicon. It drops three files: a decoy PDF document, a bundle and a downloader," warned researchers.
The Mac malware campaign is new and not part of previous Lazarus campaigns.
This time, "the bundle is signed July 21 (according to the timestamp) using a certificate issued in February 2022 to a developer named
Last month, cyber-security researchers linked Lazarus with stealing $100 million worth digital tokens from Harmony, the crypto startup behind Horizon Blockchain Bridge.
The Lazarus Group has perpetrated several large cryptocurrency thefts totalling over $2 billion, and has recently turned its attention to Decentralised Finance (DeFi) services such as cross-chain bridges, according to London-based blockchain analysis provider Elliptic.
The same group is believed to be behind the $540 million hack of
SEE ALSO :