hiltshark.blogg.se

Lazarus group mac based attack

The Lazarus Group has an extensive track record of targeting potential victims. The group is best known for being behind the spread of the WannaCry ransomware in 2017 but has regularly popped up since then. Previous campaigns include Lazarus targeting Linux systems in December. The ESET researchers noted that the C&C server did not respond at the time they attempted to analyze the threat. Other differences in the new campaign include a previously known Lazarus downloader “safarifontagent” connecting to a different command and control server.

That said, a certificate used to sign the malicious files was issued in February this year to a developer known as “Shankey Nohria.”

The Mac malware drops three files: a decoy PDF document, a fake font updater app and a downloader called “safarifontagent.” The bundle of malicious files is timestamped July 21, indicating that the campaign is new, not part of previous Lazarus campaigns. The fake job emails include an attachment containing malicious files that can compromise both Intel and Apple chip-powered Mac computers.

Infamous North Korean hacking group Lazarus is attempting to target Apple Inc. Mac users via fake job offers. Detailed Aug. 16 by security researchers at ESET s.r.o. on Twitter, the new Lazarus campaign involves phony emails impersonating Coinbase Inc.









