Those who seek crypto jobs via LinkedIn are advised to be careful.
Lazarus, a group of hackers who are sure to be sponsored from North Korea attack crypto and blockchain professionals through principal working social media, LinkedIn.
Based on the information from Finnish cyber security and privacy company, F-Secure, the recent Lazarus attack has been performed by means of hob ad at the aforementioned social media. The investigation results confirmed that a private person working in a blockchain sphere got phishing message, which has been a copy a legal job ad.
The message contained an MS Word document titled “BlockVerify Group Job Description,” with a vulnerable code activated during opening.
F-Secure revealed that the document provides the same names, authors, and word count elements as publicly available code from principal internet security website, VirusTotal. Based on VirusTotal, the original malicious macro was made in 2019. The virus is detected with 37 antivirus programs.
“The principal goal of the malware is to get login info and access to the victim’s network, eventually to reach the system required to steal the cryptocurrency”.
The F-Secure report mentions that the Lazarus group’s interests are directly connected with those of the government of the Democratic People’s Republic of Korea, or DPRK. The Lazarus group is long known for various attacks on the crypto industry. Recently their trace had been confirmed in the theft of crypto from Mac and Windows users. The amount of losses is worth nearly $600 million USD.