North Korean state-sponsored threat actors are targeting macOS users with new malware, utilizing a strategy that combines two popular approaches – fake job ads, and ClickFix, experts have warned.
Security researchers Jamf confirmed they have spotted attacks in the wild using ClickFix, an attack method in which the victim is presented with a fake problem, and at the same time, presented with a fix. It is an evolution of the old “You have a virus” popup that dominated the internet in the early 2000’s. Jamf says ‘DPRK-aligned operators’ from the FlexibleFerret malware family have been creating fake companies, fake LinkedIn profiles and, most importantly – fake job ads, as part of a wider campaign called Contagious Interview.
Read more…
Source: TechRadar News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Risks in Telecommunications IT
July 29, 2021
Telecommunications is just one aspect of a 200-year-old field of research in IT. In our latest report, “Islands of Telecoms: Risks in IT,” we liken this field to what seems to be separate islands that are in fact connected by a larger landmass underneath an ocean of IT. Indeed, the features of telecommunications might seem ...
- Haron and BlackMatter are the latest groups to crash the ransomware party
July 28, 2021
July has so far ushered in at least two new ransomware groups. Or maybe they’re old ones undergoing a rebranding. Researchers are in the process of running down several different theories. Both groups say they are aiming for big-game targets, meaning corporations or other large businesses with the pockets to pay ransoms in the millions of ...
- TA456 hackers built an elaborate online profile to fool their targets into downloading malware
July 28, 2021
Iranian hackers spent 18 months masquerading as an aerobics instructor in a cyber-espionage campaign designed to infect employees and contractors working in defence and aerospace with malware in order to steal usernames, passwords and other information which could be exploited. Active since at least 2019, the campaign used Facebook, Instagram and emails to pose as the ...
- Critical Microsoft Hyper-V bug could haunt orgs for a long time
July 28, 2021
Technical details are now available for a vulnerability that affects Hyper-V, Microsoft’s native hypervisor for creating virtual machines on Windows systems and in the Azure cloud computing environment. Currently tracked as CVE-2021-28476, the security issue has a critical severity score of 9.9 out of 10. Exploiting it on unpatched machines can have a devastating impact as ...
- DDoS attacks in Q2 2021
July 28, 2021
In terms of big news, Q2 2021 was relatively calm, but not completely eventless. For example, April saw the active distribution of a new DDoS botnet called Simps — the name under which it introduced itself to owners of infected devices. The malware creators promoted their brainchild on a specially set-up YouTube channel and Discord ...
- THOR: Previously Unseen PlugX Variant Deployed During Microsoft Exchange Server Attacks by PKPLUG Group
July 27, 2021
While monitoring the Microsoft Exchange Server attacks in March 2021, Unit 42 researchers identified a PlugX variant delivered as a post-exploitation remote access tool (RAT) to one of the compromised servers. The variant observed by Unit 42 is unique in that it contains a change to its core source code: the replacement of its trademark ...