North Korean state-sponsored threat actors are targeting macOS users with new malware, utilizing a strategy that combines two popular approaches – fake job ads, and ClickFix, experts have warned.
Security researchers Jamf confirmed they have spotted attacks in the wild using ClickFix, an attack method in which the victim is presented with a fake problem, and at the same time, presented with a fix. It is an evolution of the old “You have a virus” popup that dominated the internet in the early 2000’s. Jamf says ‘DPRK-aligned operators’ from the FlexibleFerret malware family have been creating fake companies, fake LinkedIn profiles and, most importantly – fake job ads, as part of a wider campaign called Contagious Interview.
Read more…
Source: TechRadar News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Ingram Micro says ongoing outage caused by ransomware attack
July 7, 2025
Ingram Micro, a U.S. technology distributing giant and managed services provider, said on Monday a ransomware attack is the cause of an ongoing outage at the company. The hack began on Thursday, after which the company’s website and much of its network went down. Late on Saturday, the company said in a brief statement that it ...
- Australia’s Qantas says cyber criminal contacts one week after data breach
July 7, 2025
A cyber criminal has made contact with Australia’s Qantas following a data breach last week that exposed personal information of six million customers, a company spokesperson told Reuters on Tuesday. The hacker had targeted a call centre and gained access to a third-party customer service platform containing the customers’ names, email addresses, phone numbers, birth dates ...
- Louis Vuitton Korea says systems breach led to customer data leak
July 4, 2025
A systems breach at Louis Vuitton Korea in June led to the leak of some of customer data including contact information, but did not involve customers’ financial information, the luxury brand’s South Korea unit said on Friday. “We regret to inform that an unauthorized third party temporarily accessed our system resulting in the leak of some ...
- French government hit by Chinese hackers exploiting Ivanti security flaws
July 4, 2025
In late 2024, Chinese state-sponsored threat actors abused multiple zero-day vulnerabilities in Ivanti Cloud Services Appliance (CSA) devices to access French government agencies, as well as numerous commercial entities such as telcos, finance, and transportation organizations. The news was recently confirmed by the French National Agency for the Security of Information Systems (ANSSI), which noted threat ...
- The people behind the pixels: why cybersecurity in critical industries is more human than ever
July 3, 2025
When the phone rings at 3am in the world of critical infrastructure cybersecurity, it’s rarely good news. For security professionals protecting water utilities, power grids, and transport networks, these midnight calls often signal that someone, somewhere, is trying to disrupt the services millions depend on. Recent ransomware attacks targeting water treatment facilities remind us that ...
- Taking SHELLTER: a commercial evasion framework abused in the wild
July 3, 2025
Elastic Security Labs is observing multiple campaigns that appear to be leveraging the commercial AV/EDR evasion framework, SHELLTER, to load malware. SHELLTER is marketed to the offensive security industry for sanctioned security evaluations, enabling red team operators to more effectively deploy their C2 frameworks against contemporary anti-malware solutions. SHELLTER, like many other offensive security tools (OSTs), is ...