- Apple has released a patch for Ferret family malware
- The malware is associated with the ‘contagious interview’ campaign
- However, some of the malware is still undetectable, so stay on guard
Apple has delivered a new update to XProtect, its on-device malware removal tool, aimed at blocking several variants of the ‘Ferret’ family of macOS threats.
As reported by AppleInsider, the new update will counter several threats, including the Ferret variants Friendlyferret_secd, Frostyferret_UI and Multi_Frostyferret_cmdcodes.
According to the reports, these malware variants are used by North Korean hackers in what has been called the ‘contagious interview’ campaign, in which criminals create fake job openings, mainly aimed at software developers or high-profile industries such as defense, government or aerospace. The new XProtect updates will help block this family on Mac devices; here is everything we know so far.
The Ferret Family
Researchers have observed these Ferret family variants to be associated with the ‘contagious interview’ campaign. The attack asks targets to communicate with an interviewer through a link that shows an error message, urging victims to install or update communication software for virtual meetings.
These ‘updates’ disguise themselves as Chrome or Zoom installers, such as the ChromeUpdate and CameraAccess persistence modules (really frostyferret_ui). These applications install a malicious persistence agent that runs in the background and steals confidential data from the victim.
The latest XProtect update will block the best-known variants that are disguised as macOS system files, including com.apple.secd (Friendlyferret). However, not all FlexibleFerret variants can be detected, since the malware landscape evolves so fast.
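The disguise described above, a job labelled like an Apple system component such as com.apple.secd, can be checked for on a Mac. The following Python is an added example, not code from this article or from Apple. It assumes the persistence agent is registered as a launchd property list (the article does not name the mechanism), the `APPLE_PREFIXES` list is an assumption about where Apple's own jobs run from, and the sample files and paths in `demo()` are constructed.

```python
import plistlib
import tempfile
from pathlib import Path

# Assumption: locations Apple's own launchd jobs execute from.
APPLE_PREFIXES = ("/System/", "/usr/libexec/", "/usr/bin/", "/usr/sbin/", "/sbin/", "/bin/")

def program_of(job):
    """Executable a launchd job runs ('' if the plist declares none)."""
    args = job.get("ProgramArguments")
    first = args[0] if isinstance(args, list) and args else ""
    return str(job.get("Program") or first)

def find_masquerading_jobs(directories):
    """Flag plists that claim a com.apple.* label but run a binary from
    outside Apple's system locations. Triage heuristic, not a verdict."""
    findings = []
    for directory in directories:
        for path in sorted(Path(directory).expanduser().glob("*.plist")):
            try:
                with open(path, "rb") as fh:
                    job = plistlib.load(fh)
            except Exception:
                continue  # malformed or unreadable plist: skip it, keep sweeping
            if not isinstance(job, dict):
                continue
            label, program = str(job.get("Label", "")), program_of(job)
            if label.startswith("com.apple.") and not program.startswith(APPLE_PREFIXES):
                findings.append((path.name, label, program))
    return findings

def demo():
    """Run the sweep over constructed sample plists (not real artifacts)."""
    samples = {
        "com.apple.secd.plist": {"Label": "com.apple.secd",
                                 "ProgramArguments": ["/private/var/tmp/demo/secd"]},
        "com.example.updater.plist": {"Label": "com.example.updater",
                                      "Program": "/Applications/Example.app/Contents/MacOS/updater"},
        "com.apple.example.plist": {"Label": "com.apple.example",
                                    "Program": "/usr/libexec/example"},
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, job in samples.items():
            with open(Path(tmp, name), "wb") as fh:
                plistlib.dump(job, fh)
        return find_masquerading_jobs([tmp])

if __name__ == "__main__":
    for name, label, program in demo():
        print(f"REVIEW {name}: label={label} program={program}")
```

On a real Mac, call `find_masquerading_jobs` with the writable launchd locations (`~/Library/LaunchAgents`, `/Library/LaunchAgents`, `/Library/LaunchDaemons`) and treat each hit as something to review, not as proof of infection.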
The campaign has been observed since 2023, and has been attributed to the well-known Lazarus hacking group, which has been observed running several malicious job campaigns to trick job applicants into downloading malware or trojanized remote access tools.
The data that these attackers can access depends on the device they infect. Aaron Walton, threat intelligence analyst at Expel, points out that anyone who falls victim to an attack on their work device unknowingly puts their organization at risk.
“Although these bad actors generally target people through job offers, it is quite common for the individual to execute malware on a corporate device,” he says. “The attackers often know it and use it as a means to obtain information from their target organization.”
Malware protection
At its core, this is a social engineering campaign, so staying safe from these attacks is much easier if you can spot the signs. Social engineering attacks such as phishing are often customized, sometimes using information obtained from the dark web, obtained in data breaches, for example.
In this case, the victims handed over their information as part of the ‘job application’ process, so thoroughly vetting any site and company you send job applications to is really important.
Companies cannot stop phishing attacks, and human error will always put organizations at risk, so to mitigate the risks, every company, regardless of size, needs a solid cybersecurity strategy. Take a look at our SMB cybersecurity checklist to make sure you are covered.
“For organizations, it is important to have a strong defense-in-depth strategy: think of it as multi-layered security strength, where if one defense fails, another can stop the activity. That is, defend the environment from many different angles.”
As with most cyber attacks, vigilance is key. New malware threats are increasing faster than ever, so being able to spot the signs can help limit the damage. If your device is suddenly much slower than normal, freezes frequently or restarts at random, these are all signs that your device may be infected.
Another telltale sign is persistent pop-up windows. These often fake ads are fairly harmless in themselves, but clicking on them can lead to a malicious site, and the ads are often a sign that your device is infected. For a more detailed explanation of what to look for, see our guide here.
For anyone who thinks this might apply to them, see our list of the best antivirus software, which can be really useful for locating and removing malware, as well as protecting against repeat infections.
If you find malware on your device, be sure to remove the infected program immediately. Along with this, it is a good idea to disconnect from the Internet to prevent the malware from spreading.