The North Korean threat actors behind the Contagious Interview campaign have been observed delivering a collection of Apple macOS malware strains dubbed "FERRET" as part of a supposed job interview process.
"Targets are typically asked to communicate with an interviewer through a link that throws an error message and a request to install or update some software such as VCam or CameraAccess for virtual meetings," SentinelOne researchers Phil Stokes and Tom Hegel noted in a new report.
Contagious Interview, first uncovered in late 2023, is a persistent effort by the hacking crew to deliver malware to prospective targets through bogus npm packages and native applications masquerading as video conferencing software. It is also tracked as DeceptiveDevelopment and DEV#POPPER.
These attack chains are designed to drop JavaScript-based malware known as BeaverTail, which, besides harvesting sensitive data from web browsers and cryptocurrency wallets, is capable of delivering a Python backdoor called InvisibleFerret.
In December 2024, Japanese cybersecurity company NTT Security Holdings revealed that the JavaScript malware is also configured to fetch and execute another piece of malware known as OtterCookie.
The discovery of the FERRET malware family, first exposed in late 2024, suggests that the threat actors are actively refining their tactics to evade detection.
This includes the adoption of a ClickFix-style approach to trick users into copying and executing a malicious command on their Apple macOS systems via the Terminal app, ostensibly to fix a problem with camera and microphone access through the web browser. On macOS, camera and microphone access is granted through the system's own privacy prompts and System Settings, so a "fix" that asks the user to paste a command into Terminal is itself the red flag.
According to security researcher Taylor Monahan, who goes by the handle @tayvano_, the attacks center on the attackers approaching targets on LinkedIn, posing as recruiters and urging them to complete a video assessment. The end goal is to drop a Golang-based backdoor and stealer designed to drain MetaMask wallets and run commands on the host.
Some of the components associated with the malware have been codenamed FROSTYFERRET_UI and FRIENDLYFERRET_SECD. SentinelOne said it discovered another set of artifacts dubbed FlexibleFerret that takes care of establishing persistence on the infected macOS system by means of a launch agent.
It is also designed to download an unspecified payload from a command-and-control (C2) server that no longer responds.
What's more, the FERRET malware has been observed being distributed by opening fake issues on legitimate GitHub repositories, once again indicating a diversification of its attack methods.
"This suggests that the threat actors are happy to expand the vectors by which they deliver the malware beyond specifically targeting job seekers to developers in general," the researchers said.
The disclosure comes days after software supply chain security outfit Socket detailed a malicious npm package named postcss-optimizer that contains the BeaverTail malware. The library remains available for download from the npm registry as of writing.
"By impersonating the legitimate postcss library, which has more than 16 billion downloads, the threat actor aims to infect developers with credential-stealing and data exfiltration capabilities on Windows, macOS, and Linux systems," security researchers Kirill Boychenko and Peter van der Zee noted.
The development also follows the discovery of a new campaign mounted by North Korea-linked APT37 (aka ScarCruft) actors that involves distributing booby-trapped documents via commercial services to deploy RokRAT malware, and also spreading them to other targets over group chats on the K Messenger platform from compromised users' computers.