North Korean Threat Actors Use Fake Job Interviews to Spread macOS Malware
February 4, 2025
By Ravie Lakshmanan
Malware / Cryptocurrency
North Korean threat actors behind the Contagious Interview campaign have been observed delivering a collection of Apple macOS malware strains dubbed FERRET as part of a supposed job interview process. The campaign targets developers, who are asked to communicate with the threat actors through email.
Impersonating Legitimate Software
The threat actor impersonates the legitimate postcss library, which has over 16 billion downloads. "The threat actor aims to infect developers’ systems with credential-stealing and data-exfiltration capabilities across Windows, macOS, and Linux systems," security researchers Kirill Boychenko and Peter van der Zee said.
Connection to APT37 Threat Actor
The development also follows the discovery of a new campaign mounted by the North Korea-aligned APT37 (aka ScarCruft) threat actor that involved distributing booby-trapped documents via spear-phishing campaigns to deploy the RokRAT malware, as well as propagating them to other targets over group chats through the K Messenger platform from the compromised user’s computer.