Beware: New macOS Malware Posing as Chrome and Zoom Updates Target Job Seekers

North Korean Hackers Target macOS Users with New Malware

Security researchers at SentinelLabs have discovered new variants of the 'FlexibleFerret' malware family, which are being used in a campaign known as 'Contagious Interview.' The attackers pose as recruiters to trick job seekers into installing malicious software. This malware includes components that disguise themselves as legitimate app updates or installers for popular applications like Chrome and Zoom.

Apple has responded by updating its XProtect tool to block several variants of the malware, including FROSTYFERRET_UI, FRIENDLYFERRET_SECD, and MULTI_FROSTYFERRET_CMDCODES. However, some variants remain undetected, indicating the evolving nature of these threats.

The malware primarily spreads through social engineering tactics, such as fake job interviews that lead to seemingly legitimate app downloads. These apps install a persistence agent that runs in the background, stealing sensitive data and communicating with command-and-control servers via Dropbox.

To protect against these threats, Mac users should be cautious when downloading software from untrusted sources and consider using additional security solutions like Malwarebytes, Sophos Home, or CleanMyMac X.