📢 FlexibleFerret targets macOS via fake recruitment tests and installs a multi-stage backdoor
📝 Source: Jamf Threat Labs (Jamf blog).
📖 cyberveille: https://cyberveille.ch/posts/2025-11-27-flexibleferret-cible-macos-via-de-faux-tests-de-recrutement-et-installe-un-backdoor-multi-etapes/
🌐 source: https://www.jamf.com/blog/flexibleferret-malware-continues-to-adapt/
#DPRK #FlexibleFerret #Cyberveille
FlexibleFerret targets macOS via fake recruitment tests and installs a multi-stage backdoor

Source: Jamf Threat Labs (Jamf blog). Context: continuation of the “Contagious Interview” campaign attributed to DPRK-aligned operators and already reported by SentinelOne and Validin, with new lures and a reworked infection chain targeting macOS. • Social engineering (phase 1) 🎣: fake recruitment sites such as evaluza[.]com and proficiencycert[.]com guide victims through a “hiring assessment” and then ask them to run a Terminal command supposedly needed to unblock the camera/microphone. The JavaScript assembles a curl command that downloads a loader to /var/tmp/macpatch.sh, makes it executable and runs it in the background.

CyberVeille
FlexibleFerret: macOS Malware Deploys in Fake Job Scams

Jamf Threat Labs analyzes the FlexibleFerret macOS malware, a threat that uses fake recruitment lures and social engineering to infect systems and steal credentials.

"“Contagious Interview” Targets macOS with FlexibleFerret Malware" published by HivePro. #ContagiousInterview, #FlexibleFerret, #DPRK, #CTI https://hivepro.com/wp-content/uploads/2025/02/TA2025031.pdf
FERRET Malware Targets macOS in Sophisticated North Korean Attacks

Threat Group: Lazarus Group (also known as Andariel, APT38, Hidden Cobra) Threat Type: Advanced Persistent Threat (APT) Exploited Vulnerabilities: Social engineering tactics, including spear-phishing and fake job lures Malware Used: FERRET Malware Family (including variants such as FlexibleFerret, InvisibleFerret, BeaverTail) Threat Score: High (8.5/10) – Due to its sophisticated

Cybersec Sentinel

🚨 N. Korean ‘FlexibleFerret’ malware is hitting macOS! Disguised as fake Zoom apps, job scams, & bug report comments tricking users into installing it!

Read: https://hackread.com/north-korea-flexibleferret-malware-macos-fake-zoom-job-scams/

#CyberSecurity #macOS #FlexibleFerret #Malware

N. Korean ‘FlexibleFerret’ Malware Hits macOS with Fake Zoom, Job Scams

Hackread - Latest Cybersecurity, Tech, Crypto & Hacking News
"macOS FlexibleFerret | Further Variants of DPRK Malware Family Unearthed" published by SentinelOne. #ContagiousInterview, #FlexibleFerret, #macOS, #DPRK, #CTI https://www.sentinelone.com/blog/macos-flexibleferret-further-variants-of-dprk-malware-family-unearthed/
macOS FlexibleFerret | Further Variants of DPRK Malware Family Unearthed

DPRK 'Contagious Interview' campaign continues to target Mac users with new variants of FERRET malware and GitHub devs with repo spam.

SentinelOne