macOS FlexibleFerret | Further Variants of DPRK Malware Family Unearthed
Feb. 4, 2025, 9:44 a.m.
Tags
External References
Description
This intelligence analysis describes newly discovered variants of the DPRK-attributed macOS Ferret malware family, labelled 'FlexibleFerret'. The malware is part of the ongoing 'Contagious Interview' campaign targeting developers and job seekers. The new variants include a dropper package with multiple components, among them a fake Zoom binary and an InstallerAlert application. These components establish persistence and communicate with a command and control server. The campaign has expanded its tactics and now targets GitHub users by creating fake issues on legitimate repositories. The malware remains undetected by Apple's XProtect tool, highlighting the evolving nature of the threat.
Date
Published: Feb. 4, 2025, 8:35 a.m.
Created: Feb. 4, 2025, 8:35 a.m.
Modified: Feb. 4, 2025, 9:44 a.m.
Indicators
3c4becde20e618efb209f97581e9ab6bf00cbd63f51f4ebd5677e352c57e992a
zoom.callservice.us
Attack Patterns
ChromeUpdate
MULTI_FROSTYFERRET_CMDCODES
FRIENDLYFERRET_SECD
FlexibleFerret
FROSTYFERRET_UI
DPRK
T1553.002
T1547.001
T1059.004
T1071.001
T1036.005
T1543.001
T1204.002
T1059.002
T1105
T1566.001
T1027
Additional Information
Technology