North Korean hackers are targeting Apple Mac devices once again with this devious malware — don’t fall for fake job interview scam

Mac users are being invited to fake job interviews again

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

North Korean state-sponsored threat actors are once again setting up fake job interviews in a bid to infect unsuspecting victims with infostealingmalware- but this time around, they are focusing onAppleusers.

Cybersecurity researcher Patrick Wardle recently discovered a new variant of BeaverTail, a known infostealer capable of grabbing sensitive information from webbrowsers(includingGoogleChrome, Brave, and Opera), cryptocurrencies, login credentials,iCloudKeychain, and more. BeaverTail can also serve as a dropper, deploying the InvisibleFerret backdoor for persistent remote access.

Themalwarewas given a filename “MiroTalk.dmg”, in an attempt to have people thinking they were downloading the MiroTalk video call service. DMG is an Apple macOS disk image file.

“Wily bunch”

“If I had to guess, the DPRK hackers likely approached their potential victims, requesting that they join a hiring meeting, by downloading and executing the (infected version of) MiroTalk hosted on mirotalk[.]net,” Wardle said.

This is not the first time North Korean hackers were observed running fake job campaigns. The infamous Lazarus group was seen doing it on multiple occasions, and at one point, it even managed to steal around $600 million from a cryptocurrency bridge project, after tricking a developer this way.

What makes this campaign interesting is that previously BeaverTail was distributed via malicious npm packages hosted on GitHub and npm.

“The North Korean hackers are a wily bunch and are quite adept at hacking macOS targets, even though their technique often rely on social engineering (and thus from a technical point of view are rather unimpressive),” Wardle said.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

In other words, the best way to remain secure is to be wary of incoming job offers, especially if they sound too good to be true. Whenever someone reaches out, either via LinkedIn or elsewhere, always do your due diligence and run a background check on the company that’s hiring and the people running the hiring process.

ViaTheHackerNews

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Cisco issues patch to fix serious flaw allowing possible industrial systems takeover

Washington state court systems taken offline following cyberattack

Another reason to avoid edge-lit 4K TVs: they may fail faster than others, according to this report