Threat Intelligence, Phishing, Malware
New Lazarus Group campaign targets cryptocurrency wallets
North Korean hacking collective Lazarus Group has set its sights on compromising cryptocurrency wallets with a cross-platform JavaScript stealer in a new attack campaign involving fraudulent LinkedIn job offers, Security Affairs reports. After luring targets into providing their curriculum vitae or GitHub link for fake cryptocurrency, finance, or travel job offers, attackers share a malicious repository containing the project's "minimum viable product," which executes nefarious code that eventually deploys stealer malware targeting Windows, macOS, and Linux systems, a report from Bitdefender researchers showed. Aside from exfiltrating assets from various widely used cryptocurrency wallets, the cross-platform information-stealing payload also facilitated browser data and credential theft, keylogging, and the delivery of additional malware. "By compromising people working in sectors such as aviation, defense, and nuclear industries, they aim to exfiltrate classified information, proprietary technologies, and corporate credentials. In this case, executing the malware on enterprise devices could grant attackers access to sensitive company data, amplifying the damage," said the report.