North Korean state-sponsored threat actors are targeting macOS users with new malware, utilizing a strategy that combines two popular approaches – fake job ads, and ClickFix, experts have warned.
Security researchers Jamf confirmed they have spotted attacks in the wild using ClickFix, an attack method in which the victim is presented with a fake problem, and at the same time, presented with a fix. It is an evolution of the old “You have a virus” popup that dominated the internet in the early 2000’s. Jamf says ‘DPRK-aligned operators’ from the FlexibleFerret malware family have been creating fake companies, fake LinkedIn profiles and, most importantly – fake job ads, as part of a wider campaign called Contagious Interview.
Read more…
Source: TechRadar News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- DarkSide: New targeted ransomware demands million dollar ransoms
August 21, 2020
A new ransomware operation named DarkSide began attacking organizations earlier this month with customized attacks that have already earned them million-dollar payouts. Starting around August 10th, 2020, the new ransomware operation began performing targeted attacks against numerous companies. In a “press release” issued by the threat actors, they claim to be former affiliates who had made millions ...
- Diving Into End-to-End Deep Learning for Cybersecurity
August 21, 2020
The application of artificial intelligence (AI) across various industries has undeniably made significant improvements in the digital era. With the capability to interpret and make complex decisions based on data, AI technologies have enabled tasks or processes to function with human-like intelligence, enhancing the speed of and innovating business operations and adding valuable user experiences. The ...
- Transparent Tribe: Evolution analysis, part 1
August 20, 2020
Transparent Tribe, also known as PROJECTM and MYTHIC LEOPARD, is a highly prolific group whose activities can be traced as far back as 2013. Proofpoint published a very good article about them in 2016, and since that day, we have kept an eye on the group. We have periodically reported their activities through our APT ...
- Cisco Critical Flaw Patched in WAN Software Solution
August 19, 2020
Cisco patched a critical flaw in its wide area network (WAN) software solution for enterprises, which if exploited could give remote, unauthenticated attackers administrator privileges. The flaw exists in Cisco Virtual Wide Area Application Services (vWAAS), which is software that Cisco describes as a “WAN optimization solution.” It helps manage business applications that are being leveraged ...
- Airline DMARC Policies Lag, Opening Flyers to Email Fraud
August 19, 2020
More than half of global airlines do not have DMARC policies in place, opening their customers up to email fraud attacks, a new report found. DMARC (Domain-based Message Authentication, Reporting & Conformance) is considered the industry standard for email authentication to prevent attackers from sending mails with counterfeit addresses. It does so by authenticating the sender’s ...
- Threat Recap: Darkside, Crysis, Negasteal, Coinminer
August 19, 2020
In the past few weeks, we have spotted notable developments for different types of threats. For ransomware, a new family named Darkside surfaced, while operators behind Crysis/Dharma released a hacking toolkit. For messaging threats, a targeted email campaign was used to propagate Negasteal/Agent Tesla. Finally, for fileless threats, a coinminer was seen bundled with legitimate applications. Read ...