The North Korean hacker group Lazarus has introduced a new scheme by creating shell companies to spread malware through fake job opportunities.
Creation of Fake Companies
Lazarus has set up three shell companies: BlockNovas, Angeloper Agency, and SoftGlide. These companies are registered as legitimate businesses in the United States, adding an air of credibility for potential victims.
Deceptive Methods
The scam uses fake job interviews to lure victims. When a candidate tries to record an interview video, an error appears that leads them to click a malicious link, which installs malware. The hackers bolster their credibility with AI-generated images of fake employees and altered photos of real individuals.
Consequences of Attacks
According to analysis, this campaign, which has been running since 2024, has led to several known thefts; in one case, a developer reported the theft of their MetaMask wallet. While the FBI has shut down one of the companies, BlockNovas, other operations remain active. This malware operation is part of a broader series of cybercrimes associated with the Lazarus group.
The activity of the Lazarus group highlights the importance of vigilance regarding online threats, particularly when it comes to potential job offers and personal information.