North Korean state-sponsored threat actors are targeting macOS users with new malware, utilizing a strategy that combines two popular approaches – fake job ads, and ClickFix, experts have warned.
Security researchers Jamf confirmed they have spotted attacks in the wild using ClickFix, an attack method in which the victim is presented with a fake problem, and at the same time, presented with a fix. It is an evolution of the old “You have a virus” popup that dominated the internet in the early 2000’s. Jamf says ‘DPRK-aligned operators’ from the FlexibleFerret malware family have been creating fake companies, fake LinkedIn profiles and, most importantly – fake job ads, as part of a wider campaign called Contagious Interview.
Read more…
Source: TechRadar News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Space tech giant Maxar confirms hacker accessed employees’ personal data
November 18, 2024
U.S. space technology and satellite giant Maxar has confirmed a data breach involving the personal information of its employees, according to a filing with state regulators. The Colorado-headquartered Maxar operates imaging satellites and manufactures spacecraft, and claims to operate one of the largest commercial satellite constellations on orbit. Maxar has long been a significant provider of ...
- QuickBooks popup scam still being delivered via Google ads
November 18, 2024
Accounting software QuickBooks, by Intuit, is a popular target for India-based scammers, only rivaled for top spot by the classic Microsoft tech support scams. Malwarebytes Labs researchers seen two main lures, both via Google ads: the first one is simply a website promoting online support for QuickBooks and shows a phone number, while the latter requires ...
- Inside Water Barghest’s Rapid Exploit-to-Market Strategy for IoT Devices
November 18, 2024
There is a big incentive for both espionage motivated actors and financially motivated actors to set up proxy botnets. These can serve as an anonymization layer, which can provide plausibly geolocated IP addresses to scrape contents of websites, access stolen or compromised online assets, and launch cyber-attacks. Examples of proxy botnets set up by advanced persistent ...
- Palo Alto Releases Critical Security Bulletin for Firewall Devices
November 18, 2024
Palo Alto has issued a critical severity security bulletin for an unauthenticated remote command execution vulnerability affecting the management interface for firewall devices. The vulnerability is still under investigation by Palo Alto but has not yet received a CVE designation. Palo Alto has tentatively given the vulnerability an initial CVSSv4 score of 9.3. However, if access ...
- Don’t Hold Down The Ctrl Key – New Warning As Cyber Attacks Confirmed
November 18, 2024
Just as security professionals will tell you that layered defensive strategies are the best when it comes to staving off successful attacks, so attackers will often look to precisely the same when executing their cyber attacks. Two-step phishing attacks have, in the words of security researchers from Perception Point, “become a cornerstone of modern cybercrime,” leveraging ...
- T-Mobile Targeted in Chinese Cyber-Espionage
November 16, 2024
Chinese hackers feasted on T-Mobile as their latest cyber espionage victim. The leading carrier in the US is not the only company affected as other telecom giants are at risk of getting infiltrated. Hackers linked to a Chinese intelligence agency invaded T-Mobile’s network in a months-long operation designed to monitor cellphone communications of high-value intelligence targets, ...