The North Korean Lazarus hacking group is now using fake 'Crypto.com' job offers to hack developers and artists in the crypto space, likely with a long-term goal of stealing digital assets and cryptocurrency.
Crypto.com is one of the world's leading cryptocurrency exchange platforms. The company gained attention in 2021 when it purchased and rebranded the Los Angeles Staples Center arena into 'Crypto.com Arena' and began a series of TV advertisements promoting the service.
The Lazarus hacking group has been running a campaign dubbed 'Operation In(ter)ception' since 2020, where they target people working in the cryptocurrency industry.
The threat actors' goal is to trick targets into opening malicious files that infect systems with malware that can be used to breach the internal networks of crypto companies to steal large amounts of cryptocurrency, NFTs, or conduct espionage.
In August 2022, Lazarus was seen targeting IT workers with malicious job offers that impersonated Coinbase and targeted users with
Windows malware or
macOS malware.
In a new report by Sentinel One, the hackers have now switched to impersonating Crypto.com in their phishing attacks using the same macOS malware seen in previous campaigns.
