North Korean state-sponsored threat actors are targeting macOS users with new malware, utilizing a strategy that combines two popular approaches – fake job ads, and ClickFix, experts have warned.
Security researchers Jamf confirmed they have spotted attacks in the wild using ClickFix, an attack method in which the victim is presented with a fake problem, and at the same time, presented with a fix. It is an evolution of the old “You have a virus” popup that dominated the internet in the early 2000’s. Jamf says ‘DPRK-aligned operators’ from the FlexibleFerret malware family have been creating fake companies, fake LinkedIn profiles and, most importantly – fake job ads, as part of a wider campaign called Contagious Interview.
Read more…
Source: TechRadar News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- RaHDIt hackers published data of Ukrainian spies
July 6, 2022
RaHDIt hackers have made public the data of one thousand employees of the Main Intelligence Directorate (GUR) of the military department of Ukraine. According to RIA Novosti, problems in protecting the networks of the Central Directorate of the Main Intelligence Directorate on Rybalsky Island in Kyiv helped in the formation of the database. Among the disclosed intelligence ...
- North Korean State-Sponsored Cyber Actors Use Maui Ransomware to Target the Healthcare and Public Health Sector
July 6, 2022
The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Department of the Treasury (Treasury) are releasing this joint Cybersecurity Advisory (CSA) to provide information on Maui ransomware, which has been used by North Korean state-sponsored cyber actors since at least May 2021 to target Healthcare and Public Health (HPH) Sector ...
- Ransomware, hacking groups move from Cobalt Strike to Brute Ratel
July 6, 2022
Hacking groups and ransomware operations are moving away from Cobalt Strike to the newer Brute Ratel post-exploitation toolkit to evade detection by EDR and antivirus solutions. Corporate cybersecurity teams commonly consist of employees who attempt to breach corporate networks (red team) and those who actively defend against them (blue team). Both teams then share notes after ...
- Security advisory accidentally exposes vulnerable systems
July 6, 2022
A security advisory for a vulnerability (CVE) published by MITRE has accidentally been exposing links to remote admin consoles of over a dozen vulnerable IP devices since at least April 2022. BleepingComputer became aware of this issue yesterday after getting tipped off by a reader who prefers to remain anonymous. The reader was baffled on seeing ...
- Hive ransomware gets upgrades in Rust
July 5, 2022
Hive ransomware is only about one year old, having been first observed in June 2021, but it has grown into one of the most prevalent ransomware payloads in the ransomware-as-a-service (RaaS) ecosystem. With its latest variant carrying several major upgrades, Hive also proves it’s one of the fastest evolving ransomware families, exemplifying the continuously changing ...
- AstraLocker ransomware shuts down and releases decryptors
July 4, 2022
The threat actor behind the lesser-known AstraLocker ransomware told BleepingComputer they’re shutting down the operation and plan to switch to cryptojacking. The ransomware’s developer submitted a ZIP archive with AstraLocker decryptors to the VirusTotal malware analysis platform. BleepingComputer downloaded the archive and confirmed that the decryptors are legitimate and working after testing one of them against files ...