North Korean state-sponsored threat actors are targeting macOS users with new malware, utilizing a strategy that combines two popular approaches – fake job ads, and ClickFix, experts have warned.
Security researchers Jamf confirmed they have spotted attacks in the wild using ClickFix, an attack method in which the victim is presented with a fake problem, and at the same time, presented with a fix. It is an evolution of the old “You have a virus” popup that dominated the internet in the early 2000’s. Jamf says ‘DPRK-aligned operators’ from the FlexibleFerret malware family have been creating fake companies, fake LinkedIn profiles and, most importantly – fake job ads, as part of a wider campaign called Contagious Interview.
Read more…
Source: TechRadar News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Norway spy chief blames Russian hackers for hijacking dam
August 14, 2025
Russian hackers briefly hijacked a dam in Norway in early April and spilled millions of gallons of water before the attack was stopped, Norway’s spy chief revealed Thursday. The hackers opened a floodgate at the Bremanger dam in western Norway to release the equivalent of about three Olympic-sized swimming pools of water during the four hours ...
- Cyber attack on Nigeria Customs Service disrupts clearance operations
August 14, 2025
A cyber attack on the Information Communication Technology (ICT) platform of the Nigeria Customs Service (NCS) has caused significant disruptions to cargo clearance operations at ports across the country. Licensed Customs agents are already counting their losses to demurrage charges on their consignments as a result of the disruption. Confirming the development, NCS spokesman and Assistant ...
- New trends in phishing and scams: How AI and social media are changing the game
August 13, 2025
Phishing and scams are dynamic types of online fraud that primarily target individuals, with cybercriminals constantly adapting their tactics to deceive people. Scammers invent new methods and improve old ones, adjusting them to fit current news, trends, and major world events: anything to lure in their next victim. Since our last publication on phishing tactics, there ...
- FBI: Fictitious Law Firms Targeting Cryptocurrency Scam Victims Combine Multiple Exploitation Tactics While Offering to Recover Funds
August 13, 2025
This updated advisory provides additional red flag indicators and due diligence measures to help victims who have been in contact with fictitious law firms conducting this fraudulent activity. This scheme combines a number of exploitation tactics including targeting vulnerable populations, particularly the elderly; exploiting victims’ emotional state and financial need to recover funds from a previous ...
- Pandora cyber attack highlights growing threat to ecommerce
August 13, 2025
The global jeweller, Pandora has recently fallen victim to a cyber attack — becoming the latest high-profile cyber incident. Last week, Pandora confirmed that it had been hit by a cyber attack, with customer data being breached as a result. However, the company claimed that no confidential information, such as passwords and credit card details, was ...
- Fortinet Releases Security Advisory for Authentication Bypass Vulnerability
August 12, 2025
An authentication bypass using an alternate path or channel vulnerability in FortiOS, FortiProxy & FortiPAM may allow an unauthenticated attacker to seize control of a managed device via crafted FGFM requests, if the device is managed by a FortiManager, and if the attacker knows that FortiManager’s serial number. Read more… Source: Fortinet Sign up for the Cyber ...