Alert on macOS: North Korean hackers trap Apple users with false job offers

SentinelLabs researchers have discovered a new family of viruses targeting macOS computers. The new threat, dubbed FlexibleFerret by experts, is considered undetectable. Apple’s security mechanisms are not yet able to identify all malware.

Fake recruiters are trapping job seekers

The malware is being used as part of a wave of cyberattacks called “Contagious Interviews.” Hackers pose as recruiters looking for a new employee. While communicating with job seekers during a job interview, the cybercriminals trick them into installing viruses on their Macs.

To fool their targets, hackers are slipping the virus into fake updates for Google Chrome and Zoom installers. Sometimes, the virus is also hidden in a fake "update for required software such as VCam or CameraAccess for virtual meetings".

Once FlexibleFerret has managed to penetrate the computer, the malware adds a backdoor to the operating system. This backdoor is the gateway to the installation of all kinds of other viruses. The attack results in the theft of sensitive data.

A valid developer certificate

FlexibleFerret relies on a valid developer certificate. This certificate, since revoked by Apple, allowed the virus to bypass standard macOS protections and pass itself off as legitimate software.

To counter the threat, Apple has updated XProtect, the antivirus protection system integrated into macOS. XProtect is designed to detect and block known malware: when a file is downloaded or opened, macOS checks whether it matches a known threat based on the software’s signature. Once updated, the system is able to detect several versions of FlexibleFerret, SentinelLabs indicates. Some variants are still undetectable, because the hackers have responded by adapting the viruses so that XProtect remains ineffective against them.

Behind these cyberattacks are cybercriminals working on behalf of North Korea. Funded by the government of Kim Jong Un, the hackers have significant resources to carry out their operations. The attacks have been increasing since the winter of 2023, SentinelLabs estimates in its report.

The researchers say they have observed “a sharp increase” in viruses targeting Macs over the last year. Among the viruses currently in vogue are "information stealers", designed to siphon all the data from a computer.

Source: SentinelOne
