North Korean Hackers Target Mac Users with Fake Job Interviews

North Korean hackers use fake job ads to install malware on macOS, stealing credentials through deceptive interview processes.

By Content Team

Nov 26, 2025

ON THIS PAGE

Share

---

ON THIS PAGE

Want more insights like this?

Subscribe to our newsletter to get the latest software protection strategies delivered to your inbox.

By submitting your email, you consent to Codekeeper contacting you and agree to our privacy policy.

North Korean cybercriminals are running sophisticated fake recruitment campaigns to steal credentials from macOS users. The FlexibleFerret malware operation tricks job seekers with convincing hiring portals that mimic legitimate companies offering roles like "Blockchain Capital Operations Manager."

Victims are lured through fake interview processes, then asked to run Terminal commands to "fix" camera or microphone issues. This bypasses Apple's built-in security by getting users to manually install malware themselves.

Jamf Threat Labs discovered the attackers have upgraded their tools with architecture-aware payloads for both Intel and Apple silicon Macs, plus improved data theft capabilities. The final backdoor can harvest browser data, keychain passwords, and system information.

Source: Dark Reading

Share this article

Have questions about protecting your software?

Our escrow experts are standing by to help.

Book a free demo

YOU MAY ALSO LIKE

Critical Apache StreamPipes Flaw Lets Attackers Hijack Admin Accounts

Dec 31, 2025

Iranian Hackers Target US Medical Company in Cyber Retaliation

Mar 15, 2026

Inside the High-Stakes World of Ransomware Negotiations

Dec 30, 2025

Hackers Exploit Google Tasks for Massive Phishing Campaign Targeting 3,000 Organizations

Jan 3, 2026