North Korean state-sponsored threat actors are targeting macOS users with new malware, utilizing a strategy that combines two popular approaches – fake job ads, and ClickFix, experts have warned.
Security researchers Jamf confirmed they have spotted attacks in the wild using ClickFix, an attack method in which the victim is presented with a fake problem, and at the same time, presented with a fix. It is an evolution of the old “You have a virus” popup that dominated the internet in the early 2000’s. Jamf says ‘DPRK-aligned operators’ from the FlexibleFerret malware family have been creating fake companies, fake LinkedIn profiles and, most importantly – fake job ads, as part of a wider campaign called Contagious Interview.
Read more…
Source: TechRadar News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Trio-Tech International hit by ransomware attack
March 23, 2026
Trio-Tech International initially shrugged off a ransomware attack at a Singapore subsidiary as immaterial, only to reverse course days later after discovering stolen data had been disclosed. The California-based semiconductor testing and burn-in services outfit said it detected a ransomware incident at a Singapore subsidiary on March 11, which led to the encryption of “certain files” ...
- Three Supermicro employees charged with conspiracy to smuggle restricted Nvidia chips to China
March 20, 2026
A federal investigation has been launched after the US Department of Justice charged three individuals for allegedly smuggling restricted Nvidia AI chips to China. The three men were not named in court documents, however a statement released by Super Micro Computer Inc. identified those involved. The smuggling allegedly occurred between 2024 and 2025, with billions of ...
- CVE-2026-31381, CVE-2026-31382: Gainsight Assist Information Disclosure and Cross-Site Scripting (FIXED)
March 20, 2026
Rapid7 Labs recently identified a chain of security vulnerabilities in the Gainsight Assist plugin and its interactions with the associated domain app.gainsight.com. These vulnerabilities include an Information Disclosure flaw (CVE-2026-31381) and a Reflected Cross-Site Scripting (XSS) vulnerability (CVE-2026-31382). By chaining these vulnerabilities, an attacker can move from passive information gathering to active client-side exploitation. The XSS ...
- Russian Intelligence Services Target Commercial Messaging Application Accounts
March 20, 2026
The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are jointly issuing this public service announcement (PSA) to warn the public about ongoing phishing campaigns by cyber actors associated with the Russian Intelligence Services (RIS) targeting commercial messaging applications (CMAs). RIS actors have compromised individual CMA accounts, but not CMAs’ encryption ...
- Government of Iran Cyber Actors Deploy Telegram C2 to Push Malware to Identified Targets
March 20, 2026
The Federal Bureau of Investigation (FBI) is releasing this FLASH to disseminate information on malicious cyber activity conducted by actors on behalf of the Government of Iran Ministry of Intelligence and Security (MOIS). Specifically, MOIS cyber actors are responsible for using Telegram as a command-and-control (C2) infrastructure to push malware targeting Iranian dissidents, journalists opposed to ...
- French naval officer’s jogging app logs Inadvertently expose France’s aircraft carrier location
March 20, 2026
The relentless pursuit of a personal best is a common motivator for athletes, but for one French naval officer, a routine morning run has now been linked to a national security scare. While the French military typically prides itself on stealth and strategic positioning, the precise coordinates of its flagship were recently broadcast worldwide via a ...