North Korean state-sponsored threat actors are targeting macOS users with new malware, utilizing a strategy that combines two popular approaches – fake job ads, and ClickFix, experts have warned.
Security researchers Jamf confirmed they have spotted attacks in the wild using ClickFix, an attack method in which the victim is presented with a fake problem, and at the same time, presented with a fix. It is an evolution of the old “You have a virus” popup that dominated the internet in the early 2000’s. Jamf says ‘DPRK-aligned operators’ from the FlexibleFerret malware family have been creating fake companies, fake LinkedIn profiles and, most importantly – fake job ads, as part of a wider campaign called Contagious Interview.
Read more…
Source: TechRadar News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Threat Spotlight: Nuke Ransomware
February 19, 2020
Nuke ransomware, first identified in 2016, encrypts files with an AES 256-bit encryption key that is protected by asymmetrically encrypting it using 2048-bit RSA. Once a file is encrypted, Nuke changes the file name to a combination of random characters followed by a .nuclear55 extension. For example, an infected file name might be “ab0a+afbamcdEcmf.nuclear55”. Once Nuke executes it ...
- SMS Attack Spreads Emotet, Steals Bank Credentials
February 19, 2020
Attackers are sending SMS messages purporting to be from victims’ banks – but once they click on the links in the text messages, they are asked to hand over their banking credentials and download a file that infects their systems with the Emotet malware. Emotet has continued to evolve since its return in September, including a new, ...
- Five years after the Equation Group HDD hacks, firmware security still sucks
February 18, 2020
In a report published today, Eclypsium, a cyber-security firm specialized in firmware security, says that the issue of unsigned firmware is still a widespread problem among device and peripheral manufactures. According to researchers, many device makers still don’t sign the firmware they ship for their components. Furthermore, even if they sign a device’s firmware, they don’t ...
- Iran-Backed APTs Collaborate on 3-Year ‘Fox Kitten’ Global Spy Campaign
February 18, 2020
Two Iran-backed APTs could be working together on a sprawling, three-year campaign to compromise high-value organizations from the IT, telecom, oil and gas, aviation, government and security sectors in Israel and around the world, according to a report by researchers at ClearSky. They maintain, APT34/OilRig and APT33/Elfin appear to be linked to the campaign (which they ...
- Israeli soldiers tricked into installing malware by Hamas agents posing as women
February 17, 2020
Members of the Hamas Palestinian militant group have posed as young teenage girls to lure Israeli soldiers into installing malware-infected apps on their phones, a spokesperson for the Israeli Defence Force (IDF) said today. Some soldiers fell for the scam, but IDF said they detected the infections, tracked down the malware, and then took down Hamas’ ...
- LokiBot Impersonates Popular Game Launcher and Drops Compiled C# Code File
February 14, 2020
LokiBot, which has the ability to harvest sensitive data such as passwords as well as cryptocurrency information, proves that the actors behind it is invested in evolving the threat. In the past, we have seen a campaign that exploits a remote code execution vulnerability to deliver LokiBot using the Windows Installer service, a Lokibot variant that uses ISO ...