Attackers use social engineering to convince targets to start conversations on WhatsApp, where they deploy malware that opens a backdoor. Like this, Attackers already have a path of attack on the compromised computer.

According to Mandiant, who has been following this group since 2022, has found the patterns of these attacks and found attribution to the North Korean group. “Lazarus”. In these attacks, malware has been detected “Touchmove”, “sideshow” and “Touchshift”.

These attacks are launched through publications on the social network LinkedIn, in job offers. The attackers posed as recultators. In one of the parts of the selection process, the user is asked to contact by WhatsApp to continue the process.

It is there when you share a Word document that contains internally the malicious file hidden in one of the macros. This malware is responsible in the first instance for disabling antivirus protections.

It is not the first time that attacks of this type have been carried out, It is especially curious that the target of criminals are security investigators who, probably, are looking for work at other companies.

Fountain: Bleeping Computer


Leave a Reply

Your email address will not be published. Required fields are marked *

More news
A
Read more »
A researcher manages to hack some concert tickets using AI
Read more »
Una nueva campaña de phishing suplanta a ChatGPT
Read more »
Nintendo suffers a data breach through a supplier
Read more »
Trying to make fun of a scammer is not a very good idea
Read more »