North Korean cybercriminals are running sophisticated fake recruitment campaigns to steal credentials from macOS users. The FlexibleFerret malware operation tricks job seekers with convincing hiring portals that mimic legitimate companies offering roles like "Blockchain Capital Operations Manager."
Victims are lured through fake interview processes, then asked to run Terminal commands to "fix" camera or microphone issues. This bypasses Apple's built-in security because the users install the malware themselves.
Jamf Threat Labs discovered the attackers have upgraded their tools with architecture-aware payloads for both Intel and Apple silicon Macs, plus improved data theft capabilities. The final backdoor can harvest browser data, keychain passwords, and system information.
Source: Dark Reading