North Korean hackers are targeting Apple Mac devices once again with this devious malware — don't fall for fake job interview scam
Mac users are being invited to fake job interviews again
North Korean state-sponsored threat actors are once again setting up fake job interviews in a bid to infect unsuspecting victims with infostealing malware - but this time around, they are focusing on Apple users.
Cybersecurity researcher Patrick Wardle recently discovered a new variant of BeaverTail, a known infostealer capable of grabbing sensitive information from web browsers (including Google Chrome, Brave, and Opera), cryptocurrencies, login credentials, iCloud Keychain, and more. BeaverTail can also serve as a dropper, deploying the InvisibleFerret backdoor for persistent remote access.
The malware was given the filename “MiroTalk.dmg” in an attempt to make people think they were downloading the MiroTalk video call service. DMG is an Apple macOS disk image file.
"Wily bunch"
"If I had to guess, the DPRK hackers likely approached their potential victims, requesting that they join a hiring meeting, by downloading and executing the (infected version of) MiroTalk hosted on mirotalk[.]net," Wardle said.
This is not the first time North Korean hackers have been observed running fake job campaigns. The infamous Lazarus group was seen doing it on multiple occasions, and at one point it even managed to steal around $600 million from a cryptocurrency bridge project after tricking a developer this way.
What makes this campaign interesting is that previously BeaverTail was distributed via malicious npm packages hosted on GitHub and npm.
"The North Korean hackers are a wily bunch and are quite adept at hacking macOS targets, even though their techniques often rely on social engineering (and thus from a technical point of view are rather unimpressive)," Wardle said.
In other words, the best way to remain secure is to be wary of incoming job offers, especially if they sound too good to be true. Whenever someone reaches out, either via LinkedIn or elsewhere, always do your due diligence and run a background check on the company that’s hiring and the people running the hiring process.
Via TheHackerNews
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.