North Korean state-sponsored threat actors are targeting macOS users with new malware, utilizing a strategy that combines two popular approaches – fake job ads, and ClickFix, experts have warned.
Security researchers Jamf confirmed they have spotted attacks in the wild using ClickFix, an attack method in which the victim is presented with a fake problem, and at the same time, presented with a fix. It is an evolution of the old “You have a virus” popup that dominated the internet in the early 2000’s. Jamf says ‘DPRK-aligned operators’ from the FlexibleFerret malware family have been creating fake companies, fake LinkedIn profiles and, most importantly – fake job ads, as part of a wider campaign called Contagious Interview.
Read more…
Source: TechRadar News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Nation-State Attackers Actively Target COVID-19 Vaccine-Makers
November 13, 2020
Three nation-state cyberattack groups are actively attempting to hack companies involved in COVID-19 vaccine and treatment research, researchers said. Russia’s APT28 Fancy Bear, the Lazarus Group from North Korea and another North Korea-linked group dubbed Cerium are believed to be behind the ongoing assaults. According to Tom Burt, corporate vice president of Customer Security and Trust ...
- Spam and phishing in Q3 2020
November 12, 2020
Worming their way in: cybercriminal tricks of the trade These days, many companies distribute marketing newsletters via online platforms. In terms of capabilities, such platforms are quite diverse: they send out advertising and informational messages, harvest statistics (for example, about clicked links in emails), and the like. At the same time, such services attract both spammers, ...
- New ModPipe malware targets hospitality, hotel point of sale systems
November 12, 2020
A new Point-of-Sale (PoS) malware is targeting devices used by “hundreds of thousands” of organizations in the hospitality sector, researchers have warned. Dubbed ModPipe, the malware is a backdoor able to harvest sensitive information in PoS devices running Oracle Micros Restaurant Enterprise Series (RES) 3700, management software that is particularly popular in the United States. RES 3700 ...
- Targeted ransomware: it’s not just about encrypting your data!
November 11, 2020
When we talk about ransomware, we need to draw a line between what it used to be and what it currently is. Why? Because nowadays ransomware is not just about encrypting data – it’s primarily about data exfiltration. After that, it’s about data encryption and leaving convincing proof that the attacker was in the network, ...
- Ragnar Locker Ransomware Gang Takes Out Facebook Ads in Key New Tactic
November 11, 2020
The Ragnar Locker ransomware group has decided to ratchet up the pressure on its latest high-profile victim, Italian liquor conglomerate Campari, by taking out Facebook ads threatening to release the 2TB of sensitive data it stole in a Nov. 3 attack – unless a $15 million ransom is paid in Bitcoin. Campari Group, which is behind ...
- High-Severity Cisco DoS Flaw Can Immobilize ASR Routers
November 11, 2020
A high-severity flaw in Cisco’s IOS XR software could allow unauthenticated, remote attackers to cripple Cisco Aggregation Services Routers (ASR). The flaw stems from Cisco IOS XR, a train of Cisco Systems’ widely deployed Internetworking Operating System (IOS). The OS powers the Cisco ASR 9000 series, which are fully distributed routers engineered to address massive surges ...