
North Korean Hackers Attacking Job Seekers with a Malicious macOS Executable


Lazarus, a hacker group from North Korea, is reportedly targeting job seekers with malware built specifically for Apple Macs with both Intel and M1 chipsets.


The activity was reported by ESET in a report entitled "Operation In(ter)ception", first issued in June 2020. The Lazarus Group reportedly uses social engineering tactics, luring job seekers in the aerospace and military fields with fake job vacancies, so that their data can be easily collected and used in later attacks against them.


The most recently reported attack occurred on August 11, 2022, when several job seekers at the crypto company Coinbase reported receiving a digitally signed Mach-O executable.


The decoy used in the hoax is a PDF file with Mach-O malware embedded in it. It acts as a trojan dropper that launches a program named FinderFontsUpdater, which in turn downloads the payload used against the victim.

ESET stated that the lure was signed on July 21 using a certificate issued in February 2022 to a developer named Shankey Nohria. Apple revoked the certificate on August 12.


It's worth noting the malware is cross-platform, as a Windows equivalent of the same PDF document was used to drop an .EXE file named "Coinbase_online_careers_2022_07.exe" earlier this month, as revealed by Malwarebytes researcher Hossein Jazi.
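A defender's triage check for the decoy described above (a file presented as a PDF that actually carries a Mach-O, built for both Intel and M1 Macs), added here as an example and not taken from the original post or from ESET: it reads the Mach-O thin or fat header to list the CPU slices and flags the extension/content mismatch. The sample headers and the file name job_offer.pdf are constructed for the demonstration.

```python
import struct

# Magic numbers from Apple's <mach-o/loader.h> and <mach-o/fat.h>
MH_MAGIC = 0xFEEDFACE        # 32-bit thin Mach-O
MH_MAGIC_64 = 0xFEEDFACF     # 64-bit thin Mach-O
FAT_MAGIC = 0xCAFEBABE       # universal (fat) binary; header is always big-endian
CPU_TYPE_NAMES = {0x00000007: "i386", 0x01000007: "x86_64", 0x0100000C: "arm64"}

def identify(data: bytes) -> dict:
    """Classify a file by its leading bytes, ignoring whatever its extension claims."""
    if data.startswith(b"%PDF-"):
        return {"kind": "pdf", "archs": []}
    if len(data) < 8:
        return {"kind": "unknown", "archs": []}
    magic_be, nfat = struct.unpack(">II", data[:8])
    # Java class files share 0xCAFEBABE; a real fat header has a small slice count.
    if magic_be == FAT_MAGIC and 0 < nfat < 30:
        archs = []
        for i in range(nfat):
            off = 8 + i * 20                      # struct fat_arch is five uint32s
            if off + 4 > len(data):
                break                             # truncated header
            cputype = struct.unpack(">I", data[off:off + 4])[0]
            archs.append(CPU_TYPE_NAMES.get(cputype, hex(cputype)))
        return {"kind": "macho-fat", "archs": archs}
    magic_le, cputype = struct.unpack("<II", data[:8])  # thin headers use host order
    if magic_le in (MH_MAGIC, MH_MAGIC_64):
        return {"kind": "macho-thin", "archs": [CPU_TYPE_NAMES.get(cputype, hex(cputype))]}
    return {"kind": "unknown", "archs": []}

def triage(filename: str, data: bytes) -> list:
    """Return the warning strings a mail or download filter would attach to this file."""
    info = identify(data)
    flags = []
    if filename.lower().endswith(".pdf") and info["kind"].startswith("macho"):
        flags.append("extension/content mismatch: named .pdf but is a Mach-O executable")
    if {"x86_64", "arm64"} <= set(info["archs"]):
        flags.append("universal binary: slices for both Intel and Apple silicon")
    return flags

# Constructed samples (not real malware): a fat header with x86_64 and arm64 slices,
# and the first bytes of an ordinary PDF.
SAMPLE_FAT = (struct.pack(">II", FAT_MAGIC, 2)
              + struct.pack(">IIIII", 0x01000007, 3, 4096, 0, 12)   # x86_64 slice
              + struct.pack(">IIIII", 0x0100000C, 0, 8192, 0, 14))  # arm64 slice
SAMPLE_PDF = b"%PDF-1.4\n%\xe2\xe3\xcf\xd3\n"

if __name__ == "__main__":
    for name, blob in (("job_offer.pdf", SAMPLE_FAT), ("job_offer.pdf", SAMPLE_PDF)):
        print(name, identify(blob), triage(name, blob))
```

On a real macOS host the same checks can be cross-referenced with `codesign -dv` and `spctl --assess` to see whether a signing certificate, such as the one revoked on August 12, still passes.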
