Attackers use social engineering to convince targets to start conversations on WhatsApp, where they deploy malware that opens a backdoor. This way, the attackers already have a path into the compromised computer.
According to Mandiant, which has been tracking this group since 2022, the patterns of these attacks point to the North Korean group "Lazarus". In these attacks, the malware "Touchmove", "Sideshow" and "Touchshift" has been detected.
These attacks are launched through posts on the social network LinkedIn, in the form of job offers. The attackers pose as recruiters. At one stage of the selection process, the candidate is asked to move to WhatsApp to continue the process.
It is there that a Word document is shared which contains the malicious file hidden in one of its macros. This malware is responsible, in the first instance, for disabling antivirus protections.
It is not the first time that attacks of this type have been carried out. It is especially striking that the criminals' targets are security researchers who are probably looking for work at other companies.
Source: Bleeping Computer