FERRET malware is being used in a deceptive cyberattack targeting macOS users through fake job interviews. A recent report revealed that North Korean hackers are behind this new campaign, tricking job seekers into installing malicious software.
The attackers pose as recruiters on LinkedIn and invite victims to virtual interviews. They send a fake videoconferencing link that displays an error message. The victim is then asked to install an update for VCam or CameraAccess, which is actually the malware in disguise.
How FERRET Infects macOS
Researchers first discovered this attack method in late 2023, but the malware has evolved. It uses bogus npm packages and fake apps to spread infections. Once installed, it harvests sensitive data, including web browser information and crypto wallet credentials.
The malware consists of several components. BeaverTail collects data, while InvisibleFerret serves as a Python backdoor. Other versions, such as FRIENDLYFERRET and FROSTYFERRET_UI, help maintain persistence on the victim’s system. Another version, FlexibleFerret, allows hackers to download additional malicious payloads.
Expanding Attack Methods
Hackers are now using new techniques to spread FERRET. One approach involves fake GitHub issues, where attackers post malicious links on legitimate repositories. Another method uses supply chain attacks, where malware is hidden inside popular npm packages.
A recent report found that hackers impersonated a well-known JavaScript library with over 16 billion downloads. Their goal was to infect Windows, macOS, and Linux systems and steal credentials and sensitive data.
How to Protect Yourself
To avoid malware infections, be cautious with unsolicited job offers. Verify recruiters before clicking links. Never install unknown software or run suspicious terminal commands. Keep macOS security features enabled, use multi-factor authentication, and stay informed about the latest cyber threats.
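One way to screen a project's dependencies for look-alike names before installing, given the npm impersonation described above. This is an added example, not code from the report: the allowlist, the sample manifest and the function names are constructed, and because the page does not say how the impersonating package was named, matching by edit distance is an assumption.

```javascript
// Added example: flag dependency names that imitate well-known packages.
// WELL_KNOWN is a constructed allowlist; replace it with the packages your team actually uses.
const WELL_KNOWN = ["lodash", "express", "chalk", "debug", "react"];

// Strip scope, case and separators so "@acme-tools/De-bug" compares as "debug".
function normalize(name) {
  return name.replace(/^@[^/]+\//, "").toLowerCase().replace(/[-_.]/g, "");
}

// Levenshtein edit distance, single-row dynamic programming.
function editDistance(a, b) {
  const row = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let prev = row[0]; // D[i-1][j-1] for j = 1
    row[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const tmp = row[j]; // D[i-1][j], needed as the next diagonal
      row[j] = Math.min(row[j] + 1, row[j - 1] + 1, prev + (a[i - 1] === b[j - 1] ? 0 : 1));
      prev = tmp;
    }
  }
  return row[b.length];
}

// Return [{ dependency, resembles, reason }] for names that are not on the allowlist but look like an entry.
function findLookalikes(manifest, known = WELL_KNOWN) {
  const deps = Object.keys({ ...manifest.dependencies, ...manifest.devDependencies });
  const findings = [];
  for (const dep of deps) {
    if (known.includes(dep)) continue; // exact, unscoped match is the genuine name
    const n = normalize(dep);
    for (const k of known) {
      const d = editDistance(n, normalize(k));
      if (d === 0) findings.push({ dependency: dep, resembles: k, reason: "same name after normalization" });
      else if (d === 1 && n.length >= 4) findings.push({ dependency: dep, resembles: k, reason: "one edit away" });
    }
  }
  return findings;
}

// Constructed sample manifest (not taken from the report).
const sampleManifest = {
  dependencies: { express: "^4.19.0", "lo-dash": "^1.0.0", chalkk: "^5.0.0" },
  devDependencies: { "@acme-tools/debug": "^4.0.0", mocha: "^10.0.0" },
};

console.log(findLookalikes(sampleManifest));
```

A finding is a prompt for manual review rather than proof of malice: legitimate scoped packages and close-named projects will also match and can be added to the allowlist once verified.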