Summary: North Korean threat actors are delivering macOS malware known as FERRET through a deceptive job interview campaign called Contagious Interview. Targets are contacted via LinkedIn and manipulated into installing malicious software disguised as videoconferencing tools. The malware is capable of stealing sensitive information and creating backdoors for further exploitation.
Affected: Prospective job seekers and developers
Keypoints :
- FERRET malware is spread using fake npm packages and applications posing as video conferencing software.
- Attackers impersonate recruiters on LinkedIn to lure victims into a video assessment that triggers malware installation.
- The malware harvests sensitive data and can control victim systems, with techniques designed to evade detection.
- Propagation methods include opening fake issues on GitHub repositories to target a wider range of developers.
- Recent discoveries indicate the use of the BeaverTail malware to exfiltrate data across multiple operating systems.
Source: https://thehackernews.com/2025/02/north-korean-hackers-deploy-ferret.html