- Apple offered a patch for malware from the Ferret family
- The malware is associated with the “Contagious Interview” campaign
- However, some malware still goes undetected, so be on your guard
Apple has delivered a new update to XProtect, its on-device malware removal tool, intended to block several variants of the “Ferret” family of macOS threats.
As reported by AppleInsider, the new update counters several threats, including the Ferret variants Friendlyferret_secd, Frostyferret_ui and Multi_Frostyferret_cmdcodes.
These malware variants are said to have been used by North Korean hackers in what has been nicknamed the “Contagious Interview” campaign, in which criminals create fake job openings, mainly targeting software developers or high-profile industries such as defense, government services or aerospace. The new XProtect updates will help block this family of malware on Mac devices; here is everything we know so far.
The Ferret family
These variants of the Ferret family were observed by researchers to be associated with the “Contagious Interview” campaign. The attack invites targets to communicate with an interviewer via a link that shows an error message, urging victims to install or update communication software for virtual meetings.
These “updates” are disguised as Chrome or Zoom installers, such as the ChromeUpdate and CameraAccess persistence modules (really Frostyferret_ui). These applications install a malicious persistence agent that runs in the background and steals the victim's sensitive data.
The latest XProtect update will block most of the known variants that are disguised as macOS system files, including com.apple.secd (Friendlyferret). However, not all FlexibleFerret variants can be detected, as the malware landscape evolves so quickly.
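As an added illustration (not code from Apple, AppleInsider or the researchers), the following Python example shows one way a defender could review launchd property lists for the masquerading described above: jobs that use Apple's com.apple. naming but run a program from outside the system paths. It assumes persistence through a launchd directory such as ~/Library/LaunchAgents, which the article does not specify; the function names, the path list and every sample path are constructed for the example.

```python
import plistlib
import tempfile
from pathlib import Path

# Assumption: Apple's own launchd jobs run binaries from these system locations.
SYSTEM_PREFIXES = ("/System/", "/usr/libexec/", "/usr/bin/", "/usr/sbin/", "/sbin/", "/bin/")

def program_of(job):
    """Return the executable a launchd job runs, or '' if none is declared."""
    args = job.get("ProgramArguments") or [""]
    return str(job.get("Program") or args[0])

def find_masquerading_jobs(launch_dir):
    """Flag plists that claim Apple's com.apple. namespace (by Label or file
    name) but whose program lives outside the system paths above."""
    findings = []
    for path in sorted(Path(launch_dir).glob("*.plist")):
        try:
            with path.open("rb") as fh:
                job = plistlib.load(fh)
        except Exception:
            job = None
        if not isinstance(job, dict):
            findings.append((path.name, "unparseable plist"))
            continue
        label = str(job.get("Label", ""))
        apple_named = label.startswith("com.apple.") or path.name.startswith("com.apple.")
        program = program_of(job)
        if apple_named and not program.startswith(SYSTEM_PREFIXES):
            findings.append((path.name, program))
    return findings

def demo():
    """Write three constructed sample plists to a temp directory and scan it."""
    samples = {
        # Constructed: Apple-style name, program in a user-writable location.
        "com.apple.secd.plist": {"Label": "com.apple.secd", "ProgramArguments": ["/Users/Shared/.hidden/secd"]},
        # Constructed: ordinary third-party agent that does not claim Apple's namespace.
        "com.example.updater.plist": {"Label": "com.example.updater", "Program": "/Applications/Example.app/updater"},
        # Constructed: Apple-named job that points at a system binary.
        "com.apple.sample.plist": {"Label": "com.apple.sample", "Program": "/usr/libexec/sampled"},
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in samples.items():
            with open(Path(tmp) / name, "wb") as fh:
                plistlib.dump(body, fh)
        return find_masquerading_jobs(tmp)

if __name__ == "__main__":
    for name, program in demo():
        print(f"review: {name} -> {program}")
```

On a Mac, `find_masquerading_jobs` can be pointed at ~/Library/LaunchAgents, /Library/LaunchAgents and /Library/LaunchDaemons; a hit is a prompt for manual review, not proof of infection.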
The campaign was observed in 2023 and was attributed to the well-known Lazarus hacking group, which has been observed carrying out several malicious employment campaigns to lure job seekers into downloading malware or remote access tools.
The data that attackers can access depends on the device they infect. Aaron Walton, a threat intelligence analyst at Expel, said anyone who falls victim to an attack while using their work device puts their organization in danger.
“Although these bad players generally target people through job offers, it is quite common for the individual to execute malware on a corporate device,” he noted. “Attackers often know it and use it as a way to obtain information from their target organization.”
Protection against malware
At its core, this is a social engineering campaign, so staying safe from these attacks is much easier if you can spot the signs. Social engineering and phishing attacks are often personalized, sometimes using information obtained from the dark web, for example from a data breach.
In this case, the victims handed over their information as part of the “job application” process, so thoroughly verifying all the sites and companies to which you submit job applications is really important.
Companies cannot stop phishing attacks, and human error will always endanger organizations, so to mitigate the risks, every business, whatever its size, needs a robust cybersecurity strategy. Take a look at our SMB cybersecurity checklist to make sure you are covered.
“For organizations, it is important to have a solid defense-in-depth strategy: consider yourself as a multilayer security fortress, where if one defense fails, another can stop the activity. Say to defend the environment against many different angles.”
As with most cyber attacks, vigilance is key. New malware threats are growing faster than ever, so being able to spot the signs can help limit the damage. If your device is suddenly much slower than normal, freezes frequently or restarts at random, these are all signs that your device may be infected.
Another telltale sign is persistent pop-ups. These often fake ads are fairly harmless in themselves, but clicking on them can take you to a malicious site, and the ads are often a sign that your device is infected. For a more detailed explanation of what to look for, see our guide here.
For anyone who thinks this may apply to them, consult our list of the best antivirus software, which can be very useful for finding and removing malware, as well as for protecting against repeat infections.
If you find malware on your device, be sure to immediately delete the infected program. At the same time, it is a good idea to disconnect from the Internet to prevent malware from spreading.