North Korean state-sponsored threat actors are targeting macOS users with new malware, utilizing a strategy that combines two popular approaches – fake job ads, and ClickFix, experts have warned.
Security researchers Jamf confirmed they have spotted attacks in the wild using ClickFix, an attack method in which the victim is presented with a fake problem, and at the same time, presented with a fix. It is an evolution of the old “You have a virus” popup that dominated the internet in the early 2000’s. Jamf says ‘DPRK-aligned operators’ from the FlexibleFerret malware family have been creating fake companies, fake LinkedIn profiles and, most importantly – fake job ads, as part of a wider campaign called Contagious Interview.
Read more…
Source: TechRadar News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- FBI: North Korean IT Worker Threats to U.S. Businesses
July 23, 2025
The Federal Bureau of Investigation (FBI) is providing an update to previously shared guidance regarding Democratic People’s Republic of Korea (North Korea) Information Technology (IT) workers to raise public awareness of the threat posed to U.S. businesses. North Korea is evading U.S. and U.N. sanctions by targeting private companies to illicitly generate substantial revenue for the ...
- Key figure behind XSS.IS forum arrested in Ukraine
July 23, 2025
A long-running investigation led by the French Police and Paris Prosecutor, in close cooperation with their Ukrainian counterpart and Europol, has led to the arrest of the suspected administrator of xss.is, one of the world’s most influential Russian-speaking cybercrime platforms. The forum, which had more than 50 000 registered users, served as a key marketplace for ...
- Cambodia: Authorities arrest over 3,000 suspects in nationwide online scam crackdown
July 23, 2025
The Secretariat of the Commission for Combating Online Scams (CCOS) presented the results of an operation to suppress online scam activities across the Kingdom of Cambodia yesterday. After CCOS’s initial meeting on June 27 and Prime Minister Hun Manet’s strict directive on July 15, the Unified Administrative Command in all 25 capital and provincial administrations took ...
- Hundreds of organizations breached by SharePoint mass-hacks
July 23, 2025
Security researchers say hackers have breached at least 400 organizations by exploiting a zero-day vulnerability in Microsoft SharePoint, signaling a sharp rise in the number of detected compromises since the bug was discovered last week. Eye Security, a Dutch cybersecurity firm that first identified the vulnerability in SharePoint, a popular server software that companies use to ...
- Q2 2025 Ransomware Trends Analysis: Boom and Bust
July 22, 2025
Q2 2025 features many of the threat actors Rapid7 observed in Q1, with the top four leak site post groups quite a ways out in front of the rest. Qilin leads the pack by some distance, with SafePay and Akira in second place, and Play in third position. Lynx and INC Ransom lead the charge in ...
- #StopRansomware: Interlock
July 22, 2025
Since September 2024, Interlock ransomware actors have impacted a wide range of businesses and critical infrastructure sectors in North America and Europe. These actors are opportunistic and financially motivated in nature and employ tactics to infiltrate and disrupt the victim’s ability to provide their essential services. Interlock actors leverage a double extortion model, in which they ...