North Korean state-sponsored threat actors are targeting macOS users with new malware, utilizing a strategy that combines two popular approaches – fake job ads, and ClickFix, experts have warned.
Security researchers Jamf confirmed they have spotted attacks in the wild using ClickFix, an attack method in which the victim is presented with a fake problem, and at the same time, presented with a fix. It is an evolution of the old “You have a virus” popup that dominated the internet in the early 2000’s. Jamf says ‘DPRK-aligned operators’ from the FlexibleFerret malware family have been creating fake companies, fake LinkedIn profiles and, most importantly – fake job ads, as part of a wider campaign called Contagious Interview.
Read more…
Source: TechRadar News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- APT41 Using New Speculoos Backdoor to Target Organizations Globally
April 13, 2020
On March 25, 2020, FireEye published a research blog regarding a global attack campaign operated by an espionage motivated adversary group known as APT41. This attack campaign was thought to have operated between January 20 and March 11, specifically targeting Citrix, Cisco, and Zoho network appliances via exploitation of recently disclosed vulnerabilities. Based on WildFire and AutoFocus ...
- “Twin Flower” Campaign Jacks Up Network Traffic, Downloads Files, Steals Data
April 13, 2020
A campaign dubbed as “Twin Flower” (rough translation from Chinese) has been detected by Jinshan security researchers in a report published in Chinese. Trend Micro also analyzed related samples, which are detected as PUA.Win32.BoxMini.A, Trojan.JS.TWINFLOWER.A, and TrojanSpy.JS.TWINFLOWER.A. The files are believed to be downloaded unknowingly by users when visiting malicious sites or dropped into the system by ...
- Hackers struggle morally and economically over Coronavirus
April 9, 2020
With the Coronavirus pandemic in full swing, threat actors are torn about how they should operate during the pandemic, and like everyone else, are also seeing a downturn in the underground hacker marketplace. In mid-March, BleepingComputer asked numerous ransomware operators whether they would stop targeting health care companies during the Coronavirus pandemic. Some operators stated they would no ...
- Unique P2P Architecture Gives DDG Botnet ‘Unstoppable’ Status
April 9, 2020
The coin-mining botnet known as DDG has seen a flurry of activity since the beginning of the year, releasing 16 different updates over the course of the past three months. Most notably, its operators have adopted a proprietary peer-to-peer (P2P) mechanism that has turned the DDG into a highly sophisticated, “seemingly unstoppable” threat, according to ...
- Copycat Site Serves Up Raccoon Stealer
April 9, 2020
Someone is targeting web denizens with a malicious, copycat Malwarebytes website, which serves up the Raccoon information stealer malware to unsuspecting visitors. According to the security firm itself, the attackers set up the domain “malwarebytes-freecom” with a domain registrar in Russia in late March. “We don’t expect to hear from either the registrar or hosting provider,” ...
- FIN6 and TrickBot Combine Forces in ‘Anchor’ Attacks
April 7, 2020
Researchers say, two cybercriminal groups, FIN6 and the operators of the TrickBot malware, have paired up together to target several organizations with TrickBot’s malware framework called “Anchor.” The two threat groups joining forces is a “new and dangerous twist” in an existing trend of cybercrime groups working together, say researchers with IBM X-Force. The FIN6 group (also known as “ITG08”) has ...