North Korean state-sponsored threat actors are targeting macOS users with new malware, utilizing a strategy that combines two popular approaches – fake job ads, and ClickFix, experts have warned.
Security researchers Jamf confirmed they have spotted attacks in the wild using ClickFix, an attack method in which the victim is presented with a fake problem, and at the same time, presented with a fix. It is an evolution of the old “You have a virus” popup that dominated the internet in the early 2000’s. Jamf says ‘DPRK-aligned operators’ from the FlexibleFerret malware family have been creating fake companies, fake LinkedIn profiles and, most importantly – fake job ads, as part of a wider campaign called Contagious Interview.
Read more…
Source: TechRadar News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Luna and Black Basta – new ransomware for Windows, Linux and ESXi
July 20, 2022
In Kaspersky crimeware reporting service, they analyze the latest crime-related trends we come across. If Kaspersky look back at what they covered last month, they will see that ransomware (surprise, surprise!) definitely stands out. In this blog post, Kaspersky researchers provide several excerpts from last month’s reports on new ransomware strains. Last month, Kaspersky Darknet Threat ...
- Analyzing Penetration-Testing Tools That Threat Actors Use to Breach Systems and Steal Data
July 20, 2022
The use of legitimate Windows tools as part of malicious actors’ malware arsenal has become a common observation in cyber incursions in recent years. We’ve discussed such use in a previous article where PsExec, Windows Management Instrumentation (WMI), simple batch files or third-party tools such as PC Hunter and Process Hacker were used to disable ...
- Russian cyber spies targeting NATO countries in new hacking campaign
July 19, 2022
Cyber spies suspected of working for Russia’s foreign intelligence service (SVR) are targeting NATO countries in a recent hacking campaign, according to a new industry report. The hackers are using online storage services such as Google Drive and Dropbox to avoid being detected, said cyber security company Palo Alto. The hacking attempts have included phishing emails containing ...
- Hacking group ‘8220’ grows cloud botnet to more than 30,000 hosts
July 19, 2022
A cryptomining gang known as 8220 Gang has been exploiting Linux and cloud app vulnerabilities to grow their botnet to more than 30,000 infected hosts. The group is a low-skilled, financially-motivated actor that infects AWS, Azure, GCP, Alitun, and QCloud hosts after targeting publicly available systems running vulnerable versions of Docker, Redis, Confluence, and Apache. Previous attacks ...
- New CloudMensis malware backdoors Macs to steal victims’ data
July 19, 2022
Unknown threat actors are using previously undetected malware to backdoor macOS devices and exfiltrate information in a highly targeted series of attacks. ESET researchers first spotted the new malware in April 2022 and named it CloudMensis because it uses pCloud, Yandex Disk, and Dropbox public cloud storage services for command-and-control (C2) communication. CloudMensis’ capabilities clearly show that ...
- Roaming Mantis hits Android and iOS users in malware, phishing attacks
July 19, 2022
After hitting Germany, Taiwan, South Korea, Japan, the US, and the U.K. the Roaming Mantis operation moved to targeting Android and iOS users in France, likely compromising tens of thousands of devices. Roaming Mantis is believed to be a financially-motivated threat actor that started targeting European users in February. In a recently observed campaign, the threat actor ...