
    From TechnologyDaily@1337:1/100 to All on Wed Feb 5 19:15:07 2025
    This devious new macOS malware disguises itself as Chrome, Zoom installers

    Date:
    Wed, 05 Feb 2025 19:02:00 +0000

    Description:
    Threat actors are using malware dubbed FlexibleFerret to target victims.

    FULL STORY ======================================================================

    Apple has shipped an XProtect signature update for the Ferret family of macOS malware
    The malware is associated with the 'Contagious Interview' campaign
    Some variants are still undetected, so stay on your guard

    Apple has delivered a new signature update for XProtect, the on-device malware detection tool built into macOS, intended to block several variants of the macOS Ferret family of threats.

    As reported by AppleInsider, the update adds detection for several Ferret variants under the signature names FRIENDLYFERRET_SECD, FROSTYFERRET_UI, and MULTI_FROSTYFERRET_CMDCODES.

    These malware variants are reportedly used by North Korean hackers in what has been dubbed the Contagious Interview campaign, in which the attackers create fake job openings, primarily targeting software developers or high-profile industries such as defense, government departments, or aerospace.

    The new XProtect update will help block this family of malware on Mac devices; here's everything we know so far.

    The Ferret Family

    These fresh Ferret family variants have been observed by researchers in connection with the Contagious Interview campaign. The lure invites the target to talk to an "interviewer" through a link; the page then shows a fake error message urging the victim to install or update video-conferencing software before the meeting can go ahead.

    The "update" is disguised as a Chrome or Zoom installer; the ChromeUpdate and CameraAccess persistence modules (actually FROSTYFERRET_UI) are two examples. Once run, the installer drops a malicious persistence agent that runs in the background and steals sensitive data from the victim.

    The latest XProtect update blocks most known variants that masquerade as macOS system components, including the agent named com.apple.secd (FRIENDLYFERRET). However, not all FlexibleFerret variants are detected yet: signatures lag behind a family that evolves this quickly, so a clean XProtect result is not proof that a Mac is uninfected.

    The campaign has been observed as far back as 2023 and has been attributed to the well-known Lazarus hacking group, which has run several malicious job campaigns to trick jobseekers into downloading malware or trojanized remote access tools.

    The data these attackers can access depends on the device they infect. Aaron Walton, Threat Intelligence Analyst at Expel, points out that anyone who falls victim to an attack on their work device unwittingly puts their organization at risk.

    "Though these bad actors typically target people through job offers, it's fairly common that the individual will run the malware on a corporate device," he notes. "The attackers often know this and use it as a means to gain information from their target organization."

    Malware protection

    At its origin this is a social engineering campaign, so staying safe from these attacks is much easier if you can spot the signs. Social engineering attacks like phishing are often personalized, sometimes using personal information that leaked in a data breach and was later sold on the dark web.

    In this instance the victims handed over their information as part of the job application process, so thoroughly vetting any sites and companies you submit job applications to is really important.

    Companies can't stop every phishing attempt, and human error will always put organizations at risk, so to mitigate the risk every company, no matter what size, needs a robust cybersecurity strategy. Take a look at our SMB cybersecurity checklist to make sure you're covered.

    "For organizations, it is important to have a strong defense-in-depth strategy. Think of it as a multi-layered security fortress, where if one defense fails, another may stop the activity. That is, to defend the environment from many different angles. Employ endpoint detection, monitor networks, and empower employees to report suspicious activities," Walton comments.

    As with most cyberattacks, vigilance is key. New malware threats are rising faster than ever, so being able to spot the signs can help limit the damage. If your device is suddenly much slower than normal, frequently crashes, or randomly reboots, those are all signs that it may be infected. Bear in mind, though, that a persistence agent like the one described here is built to run quietly in the background, so an infected Mac may show none of these symptoms.

    Another tell-tale sign is persistent pop-ups. These often bogus ads are fairly harmless in themselves, but clicking on them might take you to a malicious site, and the ads are often a sign your device is infected. For a more detailed explanation of what to look for, check out our guide.

    For anyone who thinks this may apply to them, check out our list of the best antivirus software, which can be really helpful in locating and removing malware, as well as protecting against repeat infections.

    If you do find malware on your device, make sure to remove the infected program immediately. Alongside this, it's a good idea to disconnect from the internet to prevent the malware from spreading or exfiltrating further data.



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/this-devious-new-macos-malware-disguises-itself-as-chrome-zoom-installers


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)