Hackers are targeting potential victims with malware disguised as fake job offers, cybersecurity experts have warned.
Researchers from ESET have found that the Lazarus criminal group is targeting Linux users pretending to be emailing victims who work in the software or DeFi platform industries with the promise of a new role.
However the messages, sent either via LinkedIn or other social media platforms are simply a ploy to get the victims to download malware.
Lazarus attack
Thought to be affiliated with the North Korean government, Lazarus has become notorious in recent years for a number of cybercrime campaigns targeting users around the world.
This includes Operation DreamJob, its recent campaign that was launched as a result of the recent supply-chain attack on VoIP provider 3CX, which experts are now almost certain was carried out by Lazarus.
In its report (opens in new tab) on the campaign, ESET outlined how victims were targeted on social media, and asked to download documents claiming to contain details about a new offered position.
In its example, ESET found a ZIP archive named “HSBC job offer.pdf.zip” that contains a file that looks at first glance like a PDF, but in fact uses a Unicode character in its name as a disguise.
“The use of the leader dot in the filename was probably an attempt to trick the file manager into treating the file as an executable instead of a PDF,” ESET added. “This could cause the file to run when double-clicked instead of opening it with a PDF viewer.”
If clicked, the malware, named as OdicLoader, shows a fake PDF whilst downloading a payload in the background, which following further examination by ESET, looks to target Linux VMware virtual machines.
The after-effects on the March 2023 attack on 3CX are continuing to shake the technology industry as a whole. Recent reports suggest Lazarus is specifically targeting cryptocurrency companies using a trojanized version of the platform.
3CX has more than 12 million daily users, with products used by more than 600,000 companies worldwide Its customer list includes high-profile companies and organizations like American Express, Coca-Cola, McDonald’s, Air France, IKEA, the UK’s National Health Service, and multiple automakers, including BMW, Honda, Toyota, and Mercedes-Benz.