by Ed Stroz and Carl Young
Recently, a malware payload (referred to as “LightlessCan”) was successfully deployed in connection with fake job offers.[1] According to researchers at ESET, the North Korean-affiliated hacking group “Lazarus” was behind this targeted phishing operation, which tricked victims at a Spanish aerospace company with fake offers of employment at well-known firms.
Of course, there is nothing new about bad actors of all types tricking unsuspecting users into downloading malware. Phishing and pretexting, two forms of social engineering, constituted approximately 20 percent of all cyberattacks in 2022.[2] The difference here is twofold: the sophistication of the software in eluding detection and the apparent authenticity of the ruse.