Beware of this fake jobs scam: New ‘LightlessCan’ malware by Lazarus Group poses a greater threat to users
Cybersecurity researchers at ESET have uncovered a sophisticated malware, ‘LightlessCan,’ used by the notorious Lazarus Group in fake job scams, raising alarm about their evolving tactics.

Highlights
- Cybersecurity researchers from ESET have sounded the alarm on ‘LightlessCan’
- Peter Kalnai, ESET's senior malware researcher, reveals that LightlessCan represents a significant leap forward from its predecessor, BlindingCan
- The Lazarus Group's primary motive is cyber-espionage, as evidenced by their recent attack on a Spanish aerospace firm
Cybersecurity researchers at ESET have issued a warning about ‘LightlessCan,’ a more challenging piece of malware that the Lazarus Group is using in its fake job scams.
While investigating a fake job attack on a Spanish aerospace company, ESET researchers unexpectedly found a backdoor, a hidden way for attackers to get into computer systems, which they named ‘LightlessCan.’ The finding has raised concern about how the Lazarus Group, the cybercriminals behind it, is changing its methods.
Lazarus Group's fake job scams
The Lazarus Group usually operates by tricking people into believing they are receiving a job offer from a well-known company. Victims are persuaded to download malicious software that looks like ordinary documents but in fact causes a lot of damage.
The advancements of LightlessCan
Peter Kalnai, ESET's senior malware researcher, says that LightlessCan is a big improvement over its predecessor, BlindingCan. The malware mimics the functionality of regular Windows commands, which lets it carry them out quietly inside the Remote Access Trojan (RAT) itself. This helps it hide from security systems that monitor computers for irregular activity and from digital forensic tools.
LightlessCan employs ‘execution guardrails’ to ensure that only the intended victim's machine can decrypt the payload, preventing unauthorised decryption by security researchers.
A real-world attack
Kalnai shared an example of an attack on a Spanish aerospace firm, where an employee received a message from a fake Meta recruiter named Steve Dawson in 2022. The hackers then sent two coding challenges embedded with the malware.
Cyber-espionage motive
The primary motivation behind the Lazarus Group's attack on the aerospace firm was cyber-espionage, highlighting the group's ongoing threat to organisations. Since 2016, North Korean hackers have allegedly stolen approximately $3.5 billion from cryptocurrency projects, according to blockchain forensics firm Chainalysis.
LinkedIn scam alert
In September 2022, cybersecurity firm SentinelOne warned about a fake job scam on LinkedIn, part of a campaign dubbed ‘Operation Dream Job,’ highlighting the persistent threat of such scams.
The United Nations has been working to curb North Korea's cybercrime activities on the international stage, as it is believed that the stolen funds support the country's nuclear missile program.