North Korean Hackers Use AppleScript, ClickFix in Fresh macOS Attacks
Briefly

"The hackers have been mounting the attacks over Telegram, targeting business leaders, often using the compromised accounts of people known to the victim, with fake meeting invitations."
"Victims have been directed to websites mimicking Zoom, Microsoft Teams, or Google Meet, and prompted to 'fix' a fake connection issue by copying and executing a command in the Terminal."
"Another campaign, attributed by Microsoft to Sapphire Sleet, has relied on AppleScript for code execution and detection evasion, but has been leading to the same outcome: sensitive data exfiltration."
"During the fake interviews, the victims have been asked to install malware masquerading as a video conferencing tool or software developer kit (SDK) update."
North Korean hackers have targeted macOS users in financial organizations through social engineering. They use the ClickFix method to trick users into installing malware: victims receive fake meeting invitations via compromised accounts and are directed to fraudulent websites, which leads to the execution of malware designed to collect sensitive data. Another campaign uses AppleScript for code execution and results in similar data exfiltration. Fake recruiter profiles are also used to lure victims into installing malware disguised as software updates.
Read at SecurityWeek