North Korean state-sponsored threat actors are targeting macOS users with new malware, utilizing a strategy that combines two popular approaches – fake job ads, and ClickFix, experts have warned.
Security researchers Jamf confirmed they have spotted attacks in the wild using ClickFix, an attack method in which the victim is presented with a fake problem, and at the same time, presented with a fix. It is an evolution of the old “You have a virus” popup that dominated the internet in the early 2000’s. Jamf says ‘DPRK-aligned operators’ from the FlexibleFerret malware family have been creating fake companies, fake LinkedIn profiles and, most importantly – fake job ads, as part of a wider campaign called Contagious Interview.
Read more…
Source: TechRadar News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Loki Delivered as CAB File Attachment
April 22, 2020
We found in our honeypot a spam sample that delivers the info stealer Loki through an attached Windows Cabinet (CAB) file. The email that bears the malicious file poses as a quotation request to trick the user into executing the binary file inside the CAB file. CAB is a compressed archive file format usually associated with various drivers, system ...
- APT32 Targeting Wuhan Government and Chinese Ministry of Emergency Management
April 22, 2020
From at least January to April 2020, suspected Vietnamese actors APT32 carried out intrusion campaigns against Chinese targets that Mandiant Threat Intelligence believes was designed to collect intelligence on the COVID-19 crisis. Spear phishing messages were sent by the actor to China’s Ministry of Emergency Management as well as the government of Wuhan province, where COVID-19 ...
- Security researcher discloses four IBM zero-days after company refused to patch
April 21, 2020
A security researcher has published today details about four zero-day vulnerabilities impacting an IBM security product after the company refused to patch bugs following a private bug disclosure attempt. The bugs impact the IBM Data Risk Manager (IDRM), an enterprise security tool that aggregates feeds from vulnerability scanning tools and other risk management tools to let admins ...
- Oil and Gas Firms Targeted With Agent Tesla Spyware
April 21, 2020
Attackers are targeting energy companies with the Agent Tesla spyware, as seen in recent spearphishing emails with malicious attachments. Researchers say that until now, Agent Tesla has not been associated with campaigns targeting the oil-and-gas vertical. The emails leverage the tumultuous nature of today’s oil and gas markets, which have been under tremendous stress in recent weeks, as ...
- Australian Health Insurance-Themed Spam Spreads Ursnif
April 21, 2020
Trend Micro researchers encountered a spam campaign referencing the Australian health insurance brand Medicare. The attachment, which Trend Micro detects as Trojan.X97M.URSNIF.THDAEBO, downloads the malicious file (detected as TrojanSpy.Win32.URSNIF.THDAEBO). The campaign aims to spread the spyware Ursnif, also known as Gozi. The email headers pertain to payment transactions with the words “Statement,” “Invoice,” or “Transaction,” and include a ...
- Starbleed bug impacts FPGA chips used in data centers, IoT devices, industrial equipment
April 20, 2020
A team of academics says they’ve discovered a new security bug that impacts Xilinx FPGA (Field Programmable Gate Arrays) chipsets. Named Starbleed, the bug allows attackers — with both physical or remote access — to extract and tamper with an FGPA’s bitstream (configuration file) to reprogram the chip with malicious code. FPGAs are add-in cards that can ...