
Apple has already updated its on-device malware tool XProtect to block several variants of North Korea-attributed malware but researchers say they’ve discovered new samples that remain undetected.
The North Korea-related malware family, known as the macOS Ferret family, was first described by researchers in December and January.
It’s allegedly part of the North Korean “Contagious Interview” campaign, in which threat actors lure targets to install malware through job interviews.
Targets are typically asked to communicate with an interviewer through a link that throws an error message and requests that they install or update some required piece of software, such as VCam or CameraAccess, for virtual meetings. Instead, of course, they are installing malware.
According to a new report by SentinelOne, a US cybersecurity company, Apple updated XProtect last week to target some components of this particular malware campaign.
But the researchers say some fresh samples, labeled by them as ‘FlexibleFerret’, exist and remain undetected. Attackers are even targeting developers, pushing them to download the FERRET family droppers.
“Diverse tactics help the threat actors deliver malware to a variety of targets in the developer community, both in targeted efforts and what appears to be more ‘scatter gun’ approaches via social media and code sharing sites like Github,” said SentinelOne in the update.
“This suggests that the threat actors are happy to expand the vectors by which they deliver the malware beyond the specific targeting of job seekers to developers more generally.”
Indicators present in the FERRET family of malware overlap with indicators seen in other North Korean campaigns, including the Hidden Risk campaign described recently by SentinelLabs.
According to a report from blockchain data platform Chainalysis, North Korea-affiliated cybercriminals stole approximately $1.34 billion in crypto across 47 incidents in 2024.
Stolen revenue generated by North Korean-backed illicit activities worldwide gets funneled back to the regime to pay for its national weapons programs, including weapons of mass destruction.