Lazarus Lures Aspiring Crypto Pros With Fake Exchange Job Postings

Previously observed using fake Coinbase jobs, the North Korea-sponsored APT has expanded into using Crypo.com gigs as cover to distribute malware.

Researchers are warning that Lazarus has expanded its campaign using fake jobs with cryptocurrency exchanges to trick macOS users into downloading malware.
Just last month, researchers observed Lazarus using
Coinbase job openings
to trick macOS users into downloading malware. Now, SentinelOne says the same threat group has expanded its phishing campaign to include fraud job postings at another cryptocurrency exchange, Crypto.com.
According to the SentinelOne report on the new
crypto job lure
, the additional victims were initially contacted by Lazarus through LinkedIn messaging.
Lazarus is an advanced persistent threat (APT) group with ties to the North Korean state. SentinelOne pointed out that the attack group has been targeting
cryptocurrency exchanges
since 2018, and has specifically used fake cryptocurrency exchange jobs as lures since 2020.
The Lazarus (aka Nukesped) threat actor continues to target individuals involved in cryptocurrency exchanges, the SentinelOne researchers wrote. This has been a long-running theme going as far back as the
AppleJeus campaigns
that began in 2018.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Lazarus Lures Aspiring Crypto Pros With Fake Exchange Job Postings