This devious new macOS malware disguises itself as Chrome, Zoom installers
- Apple has offered a patch for Ferret family malware
- The malware is used in association with the ‘Contagious Interview’ campaign
- However, some malware is still undetectable, so be on your guard
Apple has delivered a new patch for XProtect, its on-device malware removal tool, intended to block several variants of the macOS ‘Ferret’ family of threats.
As reported by AppleInsider, the new update will counter several issues, including Ferret variants FRIENDLYFERRET_SECD, FROSTYFERRET_UI, and MULTI_FROSTYFERRET_CMDCODES.
These malware variants are reportedly used by North Korean hackers in what has been dubbed the ‘Contagious Interview’ campaign, in which criminals would create fake job openings, primarily targeting software developers or high-profile industries like defense, government departments, or aerospace. The new updates to XProtect will help block this family of malware from Mac devices. Here’s everything we know so far.
The Ferret Family
These fresh Ferret family variants have been observed by researchers to be associated with the ‘Contagious Interview’ campaign. This attack prompts targets to communicate with an interviewer through a link which would show an error message – urging victims to install or update communication software for virtual meetings.
These ‘updates’ would be disguised as Chrome or Zoom installers, like ChromeUpdate and CameraAccess persistence modules (really FROSTYFERRET_UI). These apps install a malicious persistence agent which runs in the background and steals sensitive data from the victim.
The latest XProtect update will block most known variants which are disguised as macOS system files – including com.apple.secd (FRIENDLYFERRET). However, not all FlexibleFerret variants can be detected, as the malware landscape evolves so quickly.
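A defender can triage this kind of disguise without waiting for a signature. The following is an added example, not code from Apple or from the researchers: it assumes the persistence agent is registered as a launchd job (the article does not say how it persists) and flags any job that uses a com.apple.* label while being stored or run outside the locations Apple's own jobs use. The sample plists and their paths are constructed for illustration.

```python
import plistlib
import tempfile
from pathlib import Path

# Where Apple ships its own launchd jobs, and where their executables live.
APPLE_JOB_DIRS = ("/System/Library/LaunchAgents/", "/System/Library/LaunchDaemons/")
APPLE_BIN_PREFIXES = ("/System/", "/usr/bin/", "/usr/sbin/", "/usr/libexec/", "/bin/", "/sbin/")

def job_program(job):
    """Return the executable a launchd job starts, or '' if none is declared."""
    if job.get("Program"):
        return str(job["Program"])
    args = job.get("ProgramArguments") or [""]
    return str(args[0])

def is_masquerading(plist_path, job):
    """True if a job uses a com.apple.* label but is stored or run outside Apple's paths."""
    if not str(job.get("Label", "")).lower().startswith("com.apple."):
        return False
    stored_by_apple = str(plist_path).startswith(APPLE_JOB_DIRS)
    runs_apple_binary = job_program(job).startswith(APPLE_BIN_PREFIXES)
    return not (stored_by_apple and runs_apple_binary)

def scan(directories):
    """Return (plist path, label, program) for every suspicious job found."""
    findings = []
    for directory in directories:
        for path in sorted(Path(directory).expanduser().glob("*.plist")):
            try:
                with open(path, "rb") as fh:
                    job = plistlib.load(fh)
            except Exception:  # unreadable or malformed plist: skip it
                continue
            if isinstance(job, dict) and is_masquerading(path, job):
                findings.append((str(path), job.get("Label"), job_program(job)))
    return findings

def demo():
    """Run the scan over two constructed plists (sample data, not real indicators)."""
    tmp = Path(tempfile.mkdtemp())
    samples = {
        "com.apple.secd.plist": {"Label": "com.apple.secd", "ProgramArguments": ["/var/tmp/secd"]},
        "com.example.updater.plist": {"Label": "com.example.updater", "Program": "/opt/example/updater"},
    }
    for name, job in samples.items():
        with open(tmp / name, "wb") as fh:
            plistlib.dump(job, fh)
    return scan([tmp])

if __name__ == "__main__":
    # On a Mac: scan(["~/Library/LaunchAgents", "/Library/LaunchAgents", "/Library/LaunchDaemons"])
    print(demo())
```

Treat any hit as a lead to review rather than a verdict, since some legitimate Apple-labelled jobs can exist outside /System.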
The campaign has been observed as far back as 2023, and has been attributed to the well known Lazarus hacking group, which has been observed running several malicious job campaigns to trick jobseekers into downloading malware or trojanized remote access tools.
The data these attackers can access is dependent on the device they infect. Aaron Walton, Threat Intelligence Analyst at Expel, points out that anyone who falls victim to an attack using their work device unwittingly puts their organization at risk.
“Though these bad actors typically target people through job offers, it’s fairly common that the individual will run the malware on a corporate device,” he notes. “The attackers often know this and use it as a means to gain information from their target organization.”
Malware protection
At its origin, this is a social engineering campaign, so staying safe from these attacks is much easier if you can spot the signs. Social engineering attacks like phishing are often personalized, sometimes using information obtained from the dark web – obtained in a data breach, for example.
In this instance, the victims handed their information over as part of the ‘job application’ process, so thoroughly vetting any sites and companies you submit job applications to is really important.
Companies can’t stop phishing attacks, and human error will always put organizations at risk, so to mitigate the risks every company, no matter what size, needs a robust cybersecurity strategy. Take a look at our SMB cybersecurity checklist to make sure you’re covered.
“For organizations, it is important to have a strong defense-in-depth strategy—think of it as a multi-layered security fortress, where if one defense fails, another may stop the activity. That is, to defend the environment from many different angles. Employ endpoint detection, monitor networks, and empower employees to report suspicious activities”, Walton comments.
As with most cyberattacks, vigilance is key. New malware threats are rising faster than ever, so being able to spot the signs can help limit the damage. If your device is suddenly much slower than normal, frequently crashes, or randomly reboots, those are all signs that your device may be infected.
Another tell-tale sign is persistent pop-ups. These often bogus ads are pretty harmless themselves, but clicking on them might take you to a malicious site, and the ads are often a sign your device is infected. For a more detailed explanation of what to look for, check out our guide here.
For anyone who thinks this may apply to them, check out our list for the best antivirus software, which can be really helpful in locating and removing malware, as well as protecting against repeat infections.
If you do find malware on your device, make sure to remove the infected program immediately. Alongside this, it’s a good idea to disconnect from the internet to prevent the malware from spreading.