- Microsoft warns that the North Korean group Sapphire Sleet (APT38) is targeting Western companies with fake job scams
- A malicious Zoom look-alike drops information-stealing malware to steal cryptocurrency
- The campaign focuses on macOS users; Apple has strengthened its automatic protections to block the attacks
Security experts have warned that a North Korean state-sponsored threat actor known as Sapphire Sleet is targeting companies in the West with data-stealing malware in an attempt to seize their cryptocurrency.
Microsoft security analysts said the group, also tracked as APT38 and most likely a spinoff of the infamous Lazarus Group, has been at it since at least 2020 and is using one of the most successful techniques in its arsenal: fake jobs.
Sapphire Sleet builds a large set of fake, non-existent assets on social media: companies, recruiters, job ads, and anything else needed to make the scam look like a legitimate recruiting effort. Victims are then approached, either by email or through various social media channels, and offered the job, with attractive compensation.
Attacking the human
However, at some point in the process, the “recruiters” ask the victim to join a Zoom video call, but the software the victim is told to use is not the real Zoom client; it is a fake, malicious version designed to drop an information stealer on the device.
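One defensive check that follows from this: before launching a "Zoom" (or any) app bundle that arrived through a recruiter conversation rather than the vendor's site, confirm who actually signed it. The script below is an added example and is not code from the article, Microsoft or Zoom; it parses the output of macOS's `codesign -dvv` and compares the signing Team ID against the one you expect. `EXPECTED_TEAM_ID`, `EXPECTED_IDENTIFIER` and the sample `codesign` outputs are constructed placeholders for illustration, not the vendor's real values.

```python
"""Check whether a macOS app bundle is signed by the vendor you expect.

Added example: parses `codesign -dvv` output (codesign prints these details
on stderr) and compares the Developer ID Team ID against an expected value.
A look-alike installer may still carry a valid Developer ID signature from
some other developer, or only an ad-hoc signature, so the Team ID match is
the check that matters, not merely "is it signed".
"""
import subprocess

# Constructed placeholders. Take the real values from the vendor's published
# signing details or a known-good install, never from the download itself.
EXPECTED_TEAM_ID = "TEAMID0000"
EXPECTED_IDENTIFIER = "us.zoom.xos"

# Constructed sample of what `codesign -dvv` prints for a properly signed bundle.
GOOD_SAMPLE = """\
Executable=/Applications/zoom.us.app/Contents/MacOS/zoom.us
Identifier=us.zoom.xos
Format=app bundle with Mach-O universal (x86_64 arm64)
CodeDirectory v=20500 size=1234 flags=0x10000(runtime) hashes=30+7 location=embedded
Signature size=9000
Authority=Developer ID Application: Example Vendor, Inc. (TEAMID0000)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
TeamIdentifier=TEAMID0000
Runtime Version=14.0.0
Sealed Resources version=2 rules=13 files=100
"""

# Constructed sample of an ad-hoc signed look-alike dropped in Downloads.
FAKE_SAMPLE = """\
Executable=/Users/victim/Downloads/ZoomInstaller.app/Contents/MacOS/ZoomInstaller
Identifier=ZoomInstaller
Format=app bundle with Mach-O thin (arm64)
CodeDirectory v=20400 size=500 flags=0x2(adhoc) hashes=10+2 location=embedded
Signature=adhoc
TeamIdentifier=not set
Sealed Resources=none
"""

# Constructed sample of what codesign prints for an unsigned bundle.
UNSIGNED_SAMPLE = "/Users/victim/Downloads/Zoom.app: code object is not signed at all\n"


def parse_codesign(text: str) -> dict:
    """Turn codesign's key=value lines into a dict; 'Authority' can repeat."""
    details = {"Authority": []}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if not sep:
            continue
        key, value = key.strip(), value.strip()
        if key == "Authority":
            details["Authority"].append(value)
        else:
            details[key] = value
    return details


def assess(text: str, expected_team_id: str, expected_identifier: str) -> tuple:
    """Return (trusted, reason) for one codesign output."""
    if "not signed at all" in text:
        return False, "unsigned bundle"
    d = parse_codesign(text)
    team = d.get("TeamIdentifier", "not set")
    if team != expected_team_id:
        return False, f"TeamIdentifier is {team!r}, expected {expected_team_id!r}"
    if d.get("Identifier") != expected_identifier:
        return False, f"bundle identifier is {d.get('Identifier')!r}, expected {expected_identifier!r}"
    # A Developer ID chain is what Gatekeeper expects for apps distributed outside the App Store.
    if not any(a.startswith("Developer ID Application:") for a in d["Authority"]):
        return False, "signature is not a Developer ID signature"
    return True, f"signed by expected team {team}"


def assess_bundle(bundle_path: str) -> tuple:
    """Run codesign on a real bundle (macOS only) and assess its output."""
    proc = subprocess.run(["codesign", "-dvv", bundle_path], capture_output=True, text=True)
    return assess(proc.stderr + proc.stdout, EXPECTED_TEAM_ID, EXPECTED_IDENTIFIER)


if __name__ == "__main__":
    for name, sample in (("good", GOOD_SAMPLE), ("fake", FAKE_SAMPLE), ("unsigned", UNSIGNED_SAMPLE)):
        print(name, assess(sample, EXPECTED_TEAM_ID, EXPECTED_IDENTIFIER))
```

Run stand-alone it evaluates the three constructed samples; `assess_bundle("/Applications/zoom.us.app")` runs the same check on a real bundle on a Mac. The Team ID comparison is deliberately the first gate: a valid Developer ID signature from a different developer, or an ad-hoc signature, would otherwise look "signed" and pass a less specific check.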
Commenting on the report, Sherrod DeGrippo, general manager of global threat intelligence at Microsoft, told The Register why criminals focus on attacking the human rather than the system: “Social engineering allows attackers to bypass hardened perimeters by convincing users to act on their behalf, making a human the vulnerability. It’s low-cost, difficult to patch, and scales well,” DeGrippo explained.
“Users are conditioned to accept remote support interactions, such as downloading tools, following instructions or clicking on messages,” she added. “Attackers take advantage of this familiarity to make malicious actions appear routine, reducing victims’ skepticism at the critical moment of compromise.”
The campaign is said to target macOS users. Microsoft contacted Apple, which added “platform-level protections” to help detect and block the malware and the infrastructure it uses. The updates were pushed out automatically, so users do not need to update manually.