Summary: Researchers have identified a new variant of macOS malware, “FlexibleFerret,” linked to North Korean state-sponsored threat actors utilizing a campaign named “Contagious Interview.” This variant exploits job interview scenarios to trick individuals into downloading malicious software, gaining potential access to sensitive corporate information. Unlike previous variants, FlexibleFerret evades detection by Apple’s security systems and was signed with a valid Apple Developer ID before being revoked.
Affected: macOS systems, job interview candidates, corporate information security
Keypoints :
- FlexibleFerret is part of the “Contagious Interview” campaign aimed at software developers and job seekers.
- The malware is not detected by XProtect and is signed with a valid developer ID, making it appear legitimate.
- The campaign has been observed targeting GitHub users through fake issues in legitimate repositories.
Source: https://www.cybersecuritydive.com/news/north-korean-hackers–fake-interview/739165/