North Korean state-sponsored threat actors are targeting macOS users with new malware, utilizing a strategy that combines two popular approaches – fake job ads, and ClickFix, experts have warned.
Security researchers Jamf confirmed they have spotted attacks in the wild using ClickFix, an attack method in which the victim is presented with a fake problem, and at the same time, presented with a fix. It is an evolution of the old “You have a virus” popup that dominated the internet in the early 2000’s. Jamf says ‘DPRK-aligned operators’ from the FlexibleFerret malware family have been creating fake companies, fake LinkedIn profiles and, most importantly – fake job ads, as part of a wider campaign called Contagious Interview.
Read more…
Source: TechRadar News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Russian hackers had months-long access to Denmark’s central bank
June 29, 2021
Russian state hackers compromised Denmark’s central bank (Danmarks Nationalbank) and planted malware that gave them access to the network for more than half a year without being detected. The breach was part of the SolarWinds cyber espionage campaign last year that the U.S. attributed to the Russian Foreign Intelligence Service, the SVR, through its hacking division ...
- New ransomware highlights widespread adoption of Golang language by cyberattackers
June 29, 2021
A new ransomware strain that utilizes Golang highlights the programming language’s increasing adoption by threat actors. CrowdStrike secured a sample of a new ransomware variant, as of yet unnamed, that borrows features from HelloKitty/DeathRansom and FiveHands. These ransomware strains are thought to have been active since 2019 and have been linked to attacks against the maker of ...
- Hackers use zero-day to mass-wipe My Book Live devices
June 29, 2021
A zero-day vulnerability in Western Digital My Book Live NAS devices allowed a threat actor to perform mass-factory resets of devices last week, leading to data loss. Last week, we broke the story that Western Digital My Book Live NAS owners suddenly discovered that their stored files had mysteriously disappeared. Unfortunately, the factory reset also reset ...
- REvil ransomware’s new Linux encryptor targets ESXi virtual machines
June 28, 2021
The REvil ransomware operation is now using a Linux encryptor that targets and encrypts Vmware ESXi virtual machines. With the enterprise moving to virtual machines for easier backups, device management, and efficient use of resources, ransomware gangs increasingly create their own tools to mass encrypt storage used by VMs. In May, Advanced Intel’s Yelisey Boguslavskiy shared a ...
- Analyzing CVE-2021-1665 – Remote Code Execution Vulnerability in Windows GDI+
June 28, 2021
Microsoft Windows Graphics Device Interface+, also known as GDI+, allows various applications to use different graphics functionality on video displays as well as printers. Windows applications don’t directly access graphics hardware such as device drivers, but they interact with GDI, which in turn then interacts with device drivers. In this way, there is an abstraction ...
- Nefilim Ransomware Attack Through a MITRE Att&ck Lens
June 28, 2021
Nefilim is among a new breed of ransomware families that use advanced techniques for a more targeted and virulent attack. It is operated by a group that we track under the intrusion set “Water Roc”. This group combines advanced techniques with legitimate tools to make them significantly harder to detect and respond before it is ...