North Korean hackers are using fake job interviews to distribute FERRET malware, targeting macOS users. Be cautious of unsolicited job offers and software updates from unknown sources, especially those requiring you to install new software for virtual meetings.
Key takeaways:
🕵️ Targeting macOS: North Korean hackers associated with the Contagious Interview campaign are deploying FERRET, a suite of macOS-specific malware, through deceptive job interview processes.
🎭 Social Engineering: Victims are misled into installing fake software updates or applications like VCam or CameraAccess, which are purportedly needed for virtual job interviews.
🔄 Malware Components: The attack involves multiple stages, including deploying JavaScript-based malware named BeaverTail, which can lead to installing a Python backdoor called InvisibleFerret.
⚡ Attack Vectors: This campaign leverages npm packages and native applications masquerading as legitimate tools, highlighting the risks of supply chain attacks in software distribution.
🚨 Warning: This incident underscores the need for increased vigilance in accepting digital communications and software from unverified sources, particularly in professional contexts like job interviews.
iocs.txt: List of all Indicators of Compromise (IOCs) in the article.
endpoint-iocs.txt: List of endpoint IOCs in the article.
network-iocs.txt: List of network IOCs in the article.
Note
Use the following scripts in threat-hunting-scripts to help you hunt:
verify-iocs-vt.py: Verify IOCs using VirusTotal Community API.
iocs-to-cs.py: Upload IOCs to CrowdStrike Falcon IOC Management for detection and blocking.