Lazarus hackers target IT workers with Linux malware disguised as a job vacancy

Spread the love

Lazarus hackers affiliated with North Korea target IT workers with specific Linux malware through a fake vacancy. For example, software makers were approached via LinkedIn with a job offer, after which an infected file was sent.

Victims were shown this fake vacancy. Image via ESET

The hackers operate according to cybersecurity experts from ESET under the name Operation DreamJob and use an apparent .pdf file to install malware on victims’ Linux systems. In contrast, the apparent .pdf file, a 64-bit Intel-Linux binary called HSBC job offer․pdf, is actually an executable. Although a fake vacancy appears on the screen after opening, a payload is said to be downloaded from OpenDrive in the background. This will then install a SimplexTea backdoor.

The same security researchers conclude ‘with a high degree of certainty’ based on the above findings that the recent cyber attack on 3CX was carried out by the same organization. After a supply chain attack, the VoIP service’s desktop client spread malware; Lazarus is also said to have been behind this. According to ESET, the two examples underline how cunning North Korean hackers can operate on different platforms.

You might also like