North Korean state-sponsored threat actors are targeting macOS users with new malware, utilizing a strategy that combines two popular approaches – fake job ads, and ClickFix, experts have warned.
Security researchers Jamf confirmed they have spotted attacks in the wild using ClickFix, an attack method in which the victim is presented with a fake problem, and at the same time, presented with a fix. It is an evolution of the old “You have a virus” popup that dominated the internet in the early 2000’s. Jamf says ‘DPRK-aligned operators’ from the FlexibleFerret malware family have been creating fake companies, fake LinkedIn profiles and, most importantly – fake job ads, as part of a wider campaign called Contagious Interview.
Read more…
Source: TechRadar News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Shifts in the Underground: The Impact of Water Kurita’s (Lumma Stealer) Doxxing
October 16, 2025
In September 2025, Trend Micro researchers noted a striking decline in new command and control infrastructure activity associated with Lummastealer (which Trend Micro tracks as Water Kurita), as well as a significant reduction in the number of endpoints targeted by this notorious malware. This sudden drop appears to align with a targeted underground exposure campaign that has ...
- The Rising Threat of Insider Recruitment in Ransomware Campaigns
October 15, 2025
In cybersecurity, we often say that attackers only need to be right once – and defenders need to be right every time. Traditionally, we’ve focused on perimeter breaches, phishing campaigns, and zero-day exploits. But increasingly, attackers are bypassing these hardened defenses and taking a different route: persuading someone on the inside to hand over the keys. ...
- Maverick: a new banking Trojan abusing WhatsApp in a mass-scale distribution
October 15, 2025
A malware campaign was recently detected in Brazil, distributing a malicious LNK file using WhatsApp. It targets mainly Brazilians and uses Portuguese-named URLs. To evade detection, the command-and-control (C2) server verifies each download to ensure it originates from the malware itself. The whole infection chain is complex and fully fileless, and by the end, it will ...
- Operation Zero Disco: Attackers Exploit Cisco SNMP Vulnerability to Deploy Rootkits
October 15, 2025
TrendResearch has detected an operation where attackers exploited a Cisco Simple Network Management Protocol (SNMP) vulnerability to install a rootkit on vulnerable network devices. The SNMP exploit referenced in Cisco’s latest advisory is CVE-2025-20352, which affects both 32-bit and 64-bit switch builds and can result in remote code execution (RCE). The operation targeted victims running older ...
- Satellites found exposing unencrypted data, including phone calls and some military comms
October 14, 2025
Security researchers have discovered that as many as half of all geostationary satellites in Earth’s orbit are carrying unencrypted sensitive consumer, corporate, and military information, making this data wide open to eavesdropping. The researchers at UC San Diego and the University of Maryland spent $800 on an off-the-shelf satellite receiver and pointed it at the sky ...
- Qantas says customer data released by cyber criminals months after cyber breach
October 12, 2025
Australia’s Qantas Airways said on Sunday that it was one of the companies whose customer data had been published by cybercriminals after it was stolen by a hacker in a July breach of a database containing the personal information of the airline’s customers. The airline said in July that more than a million customers had sensitive ...