North Korean state-sponsored threat actors are targeting macOS users with new malware, utilizing a strategy that combines two popular approaches – fake job ads, and ClickFix, experts have warned.
Security researchers Jamf confirmed they have spotted attacks in the wild using ClickFix, an attack method in which the victim is presented with a fake problem, and at the same time, presented with a fix. It is an evolution of the old “You have a virus” popup that dominated the internet in the early 2000’s. Jamf says ‘DPRK-aligned operators’ from the FlexibleFerret malware family have been creating fake companies, fake LinkedIn profiles and, most importantly – fake job ads, as part of a wider campaign called Contagious Interview.
Read more…
Source: TechRadar News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Chinese hackers use decade-old Bisonal Trojan in cyberespionage campaigns
March 5, 2020
Chinese cyberattackers continue to improve and deploy a decade-old Remote Access Trojan (RAT) in ongoing campaigns against Russian, Japanese, and South Korean targets. On Thursday, researchers from Cisco Talos said that the Bisonal RAT is an unusual sample of malware that has been improved, rolled back, and refined over a period of 10 years, an uncommon practice by ...
- DoppelPaymer Ransomware Used to Steal Data from Supplier to SpaceX, Tesla
March 3, 2020
A company that provides custom parts to aerospace giants Lockheed Martin, SpaceX and Boeing, has been the target of an attack by an emerging type of ransomware that can both encrypt files and exfiltrate data. Colorado-based Visser Precision said it was targeted by a “cyber incident” that involved the attacker accessing and stealing company data after a security ...
- Cobalt Ulster Strikes Again With New ForeLord Malware
March 3, 2020
A new credential-stealing malware, dubbed ForeLord, has been uncovered in a recent spear phishing campaign. Researchers tie the attack to a known advanced persistence threat (APT) group known as Cobalt Ulster. The emails distributing ForeLord were uncovered as part of a campaign, running between mid-2019 and mid-January 2020. The emails were targeting organizations in Turkey, Jordan, Iraq, as ...
- GuLoader: Malspam Campaign Installing NetWire RAT
March 3, 2020
NetWire is a publicly-available RAT that has been used by criminal organizations and other malicious groups since 2012. NetWire is distributed through various campaigns, and we usually see it sent through malicious spam (malspam). GuLoader is a file downloader that was first discovered in December 2019, and it has been used to distribute a wide variety of remote ...
- Molerats Delivers Spark Backdoor to Government and Telecommunications Organizations
March 3, 2020
Between October 2019 through the beginning of December 2019, Unit 42 observed multiple instances of phishing attacks likely related to a threat group known as Molerats (AKA Gaza Hackers Team and Gaza Cybergang) targeting eight organizations in six different countries in the government, telecommunications, insurance and retail industries, of which the latter two were quite ...
- TrickBot Adds ActiveX Control, Hides Dropper in Images
March 2, 2020
The TrickBot banking trojan has gotten trickier, with the addition of a Windows 10 ActiveX control to execute malicious macros in boobytrapped documents. Michael Gorelik, researcher at Morphisec Labs, said that at least two dozen documents have come to light in the last few weeks that use ActiveX—a feature in Remote Desktop Protocol (RDP) – to ...