North Korean state-sponsored threat actors are once again staging fake job interviews in an attempt to infect unsuspecting victims with information-stealing malware — but this time, they're targeting Apple users.
Cybersecurity researcher Patrick Wardle recently discovered a new variant of BeaverTail, a notorious information stealer capable of obtaining sensitive information from web browsers (including Google Chrome, Brave, and Opera), cryptocurrency, login credentials, iCloud Keychain, and more. BeaverTail can also function as a dropper, deploying the InvisibleFerret backdoor for persistent remote access.
The malware was given the filename “MiroTalk.dmg” in an attempt to trick users into thinking they were downloading the MiroTalk video calling service. DMG is an Apple macOS disk image file.
“Cunning group”
“If I had to guess, the DPRK hackers probably approached their potential victims, asking them to join a recruitment meeting, downloading and running the (infected version of) MiroTalk hosted on mirotalk[.]net,” Wardle said.
This is not the first time North Korean hackers have been seen running fake job campaigns. The infamous Lazarus group was seen doing so on multiple occasions, and at one point even managed to steal around $600 million from a cryptocurrency bridge project, after tricking a developer in this way.
What makes this campaign interesting is that BeaverTail was previously distributed via malicious npm packages hosted on GitHub and npm.
“North Korean hackers are clever and highly skilled at hacking macOS targets, although their technique often relies on social engineering (and is therefore, from a technical standpoint, fairly unimpressive),” Wardle said.
In other words, the best way to stay safe is to be wary of job offers that come your way, especially if they seem too good to be true. Whenever someone reaches out to you, whether through LinkedIn or elsewhere, always do your due diligence and do background checks on the company that is hiring and the people carrying out the hiring process.
Via The Hacker News