North Korean state-sponsored threat actors are targeting macOS users with new malware, utilizing a strategy that combines two popular approaches – fake job ads, and ClickFix, experts have warned.
Security researchers Jamf confirmed they have spotted attacks in the wild using ClickFix, an attack method in which the victim is presented with a fake problem, and at the same time, presented with a fix. It is an evolution of the old “You have a virus” popup that dominated the internet in the early 2000’s. Jamf says ‘DPRK-aligned operators’ from the FlexibleFerret malware family have been creating fake companies, fake LinkedIn profiles and, most importantly – fake job ads, as part of a wider campaign called Contagious Interview.
Read more…
Source: TechRadar News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Israeli hacker group takes responsibility for reported collapse of Wi-Fi in Iran
August 2, 2024
The Israeli hacker group, “We Red Evils Original”, took responsibility for reported WiFi outages in Iran, according to Israeli media on Thursday night. Shortly before reports in Iran, the group posted a message on their Telegram saying, ‘In the coming minutes, we will attack internet systems and providers in Iran. A severe blow is on the ...
- Fighting Ursa Luring Targets With Car for Sale
August 2, 2024
A Russian threat actor Palo Alto Unit 42 track as Fighting Ursa advertised a car for sale as a lure to distribute HeadLace backdoor malware. The campaign likely targeted diplomats and began as early as March 2024. Fighting Ursa (aka APT28, Fancy Bear and Sofacy) has been associated with Russian military intelligence and classified as an ...
- How “professional” ransomware variants boost cybercrime groups
August 1, 2024
Cybercriminals who specialize in ransomware do not always create it themselves. They have many other ways to get their hands on ransomware samples: buying a sample on the dark web, affiliating with other groups or finding a (leaked) ransomware variant. This requires no extraordinary effort, as source code is often leaked or published. With a set ...
- Report finds Apple devices fare the worst when it comes to full takeover risks
August 1, 2024
A worrying number of environments are vulnerable to complete takeover via escalated privileges, a new report from Picus Security has found. Environments were tested in simulated attacks, with the average organization managing to defend against 7 out of 10 attacks, but considering the constant threat presented by organized cybercrime groups, this leaves a serious margin for potential ...
- Threat Actor Abuses Cloudflare Tunnels to Deliver RATs
August 1, 2024
Proofpoint is tracking a cluster of cybercriminal threat activity leveraging Cloudflare Tunnels to deliver malware. Specifically, the activity abuses the TryCloudflare feature that allows an attacker to create a one-time tunnel without creating an account. Tunnels are a way to remotely access data and resources that are not on the local network, like using a virtual ...
- FBI Warns of Scammers Impersonating Cryptocurrency Exchanges
August 1, 2024
The FBI warns of scammers impersonating cryptocurrency exchange employees to steal funds. How the scam works: The scammer contacts the victim via an unsolicited call or message and pretends to be a cryptocurrency exchange employee. The scammer conveys urgency and may claim there is a problem with the victim’s account, or someone is attempting to compromise the victim’s ...