© 2022 CyberNews - Latest tech news,
product reviews, and analyses.


North Korean hackers use fake Coinbase job ads to lure crypto buffs


The infamous North Korean hacker group Lazarus torments the fintech industry, targeting sector employees by impersonating popular crypto exchange Coinbase.

A novel social engineering campaign targets crypto engineers and security professionals. According to Malwarebytes researcher Hossein Jazi, hackers from the Lazarus group distribute fake Coinbase job offers infected with malware.

Since Coinbase is among the most recognizable names in the crypto industry, a job ad for a position in the company provides Lazarus with a large pool of potential victims.

The bait job ad is titled ‘Engineering Manager, Product Security,’ indicating North Korean hackers are looking to phish for particular types of victims.

The fake job ad hides a file named ‘Coinbase_online_careers_2022_07.exe’. Once executed, the infected file displays a PDF preview and deploys malicious files on the victim’s device.

According to Jazi, the campaign resembles a similar one Malwarebytes described in their blog back in January. At the time, the Lazarus group distributed fake job offers, masquerading as the US security and aerospace company Lockheed Martin.

In both campaigns, GitHub served as the command and control (C2) server to receive and execute instructions on the infected device.

North Korean hackers

North Korea employs cybercrime to finance its dictatorship, which runs a country mostly closed off from the outside world.

While Lazarus Group, also known as ‘Un-usual Suspects’ or APT 38, is almost certainly a state-sponsored actor, its primary goals are often financial. Hacker groups operated by state intelligence services often focus more on espionage.

According to Chainalysis, North Korea launched at least seven attacks on cryptocurrency platforms that extracted nearly $400 million worth of digital assets last year.

The FBI claims that DPRK hackers were behind the Ronin exchange hack that netted attackers $620m. Researchers believe that Lazarus Group was behind the $100m hack of another crypto exchange, Harmony.

Recently, the US Department of State has increased the reward for information leading to the identification of members of North Korea’s state-sponsored hacker groups such as Lazarus from $5m to $10m.

A United Nations panel of experts monitoring North Korea’s sanctions has accused Pyongyang of using stolen funds to support its nuclear and ballistic missile programs to circumvent sanctions.

Last year the United States charged three North Korean computer programmers working for the country’s intelligence service with a massive, years-long hacking spree to steal more than $1.3 billion in money and cryptocurrency, affecting companies from banks to Hollywood movie studios.

