Crypto exchange is the latest target of a fraudulent job advertisement scheme by the North Korean-linked hacker group Lazarus. 

The malware attack encourages members of the crypto community to download a PDF document showcasing the open vacancies at including a Singapore-based Art Director role, among others, according to a report from cyber security firm Sentinel One. 

When the interested candidate proceeds to download the PDF job description, they unknowingly fall victim to a trojan horse attack in which their personal data and financial information are compromised.


More recently in August, Lazarus also executed a similar scheme by targeting candidates with direct message job offers on LinkedIn for an Engineering Manager, Product Security position at crypto exchange Coinbase

As showcased by security research firm ESET, the bundle of three files that incorporated the malware software was disguised as a career document for a Coinbase role.

While the exact intentions of the group are unknown, it is presumed that gaining access to crypto funds and sensitive information on exchanges is the priority.

Decrypt reached out to for comment, but has yet to hear back at the time of publication. 


Lazarus Group and crypto

In April this year, the United States Treasury Department accused Lazarus of coordinating the $622 million attack on the Ronin Bridge—an Ethereum sidechain that supports the popular blockchain game Axie Infinity—issuing a blacklisted status to the wallet address and placing it on an official sanctions list. 

Over the past few years, the North Korean government and associated security services have denied any involvement with Lazarus.

In February, a United Nations report indicated that a portion of the Hermit Kingdom’s nuclear and ballistic missile programs were funded by cyberattacks and cryptocurrency exchanges.

Daily Debrief Newsletter

Start every day with the top news stories right now, plus original features, a podcast, videos and more.