Microsoft experts warn North Korean attackers target macOS users with ‘a highly reliable infection chain’ to steal passwords, financial data and more — here’s how to stay safe
- Microsoft warns North Korean Sapphire Sleet (APT38) targeting Western businesses with fake job scams
- Malicious Zoom lookalike drops infostealers to steal cryptocurrency
- Campaign focuses on macOS users; Apple pushed automatic protections to block attacks
North Korean state-sponsored threat actors called Sapphire Sleet are targeting businesses in the west with infostealer malware in an attempt to nab their cryptocurrencies, experts have warned.
Security analysts from Microsoft said the group, also known as APT38, and most likely a spinoff from the infamous Lazarus Group, has been at it since at least 2020, and has employed one of the most successful techniques in its arsenal – fake jobs.
Sapphire Sleet would create a whole slew of fake, nonexistent things on social media: companies, recruiters, job ads, and anything else needed to make the scam look like a legitimate hiring attempt. The victims are then approached, either via email or different social media channels, and offered the job (with enticing compensation offers).
Attacking humans
During the process, however, the “recruiters” would ask the victim to join a Zoom video call, but the software used is not the real Zoom – instead, it is a fake, malicious version, designed to drop an infostealer on the device.
Speaking about the report, Sherrod DeGrippo, Microsoft global threat intelligence GM, told The Register why crooks focus on attacking the human, rather than the system: “Social engineering lets attackers route around hardened perimeters by convincing users to act on their behalf, turning a human into the vulnerability. It’s low-cost, hard to patch, and scales well,” DeGrippo explained.
“Users are conditioned to accept remote support interactions like downloading tools, following instructions, clicking prompts,” she added. “Attackers exploit this familiarity to make malicious actions feel routine, lowering victim skepticism at the critical moment of compromise.”
The campaign reportedly targets macOS users. Microsoft reached out to Apple, which added “platform-level protections” to help detect and block the malware and the infrastructure it uses. The updates were sent out automatically, meaning users need not update manually.