Image Credit: Sentinelone

macOS FlexibleFerret | Further Variants of DPRK Malware Family Unearthed

  • Apple has pushed an update to its built-in anti-malware tool, XProtect, designed to combat variants of the macOS Ferret malware family.
  • The family has been associated with the North Korean "Contagious Interview" campaign.
  • Researchers have now found that the malware also uses Dropbox for exfiltration and api.ipify.org to resolve the host's public IP address.
  • A new set of malware samples, dubbed "FlexibleFerret", is currently not detected by XProtect.
  • The name reflects the samples' relationship to the earlier Ferret malware.
  • This variant masquerades as a legitimate Apple Developer installer package named vs.pkg and contains two applications: InstallerAlert.app and versus.app.
  • While tricking the user into believing it is a legitimate application, the malware installs a persistence item in the user's Library/LaunchAgents folder with the label com.zoom.plist.
  • Signatures in the malware are a functional match for ChromeUpdate and show 86% similarity to the earlier Ferret variant.
  • The "Contagious Interview" campaign and the Ferret malware remain active and ongoing.
  • Finally, SentinelOne customers are protected from all known variants of the Ferret malware family.
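A defender-side check for the persistence item described above, added here as an example that is not from the SentinelOne write-up or this page: it parses LaunchAgent plists and flags ones that carry the com.zoom.plist label or a Zoom-like label pointing outside Zoom's own bundle. The sample plists, the zoom.us.app bundle path and the temporary-directory heuristic are assumptions.

```python
# Added example, not from the SentinelOne write-up: flag LaunchAgent plists
# that reuse the com.zoom.plist label described for FlexibleFerret, or that
# wear a Zoom-like label while launching a program outside Zoom's own bundle.
import plistlib
import tempfile
from pathlib import Path

SUSPECT_LABELS = {"com.zoom.plist"}          # label quoted in the summary
ZOOM_BUNDLE = "/Applications/zoom.us.app/"   # assumed legitimate Zoom location
TEMP_DIRS = ("/tmp/", "/private/tmp/", "/var/tmp/")  # assumed heuristic

def inspect_launch_agent(path: Path) -> dict:
    """Parse one plist and return the reasons (if any) it looks suspicious."""
    with path.open("rb") as fh:
        data = plistlib.load(fh)
    label = data.get("Label", "")
    # launchd accepts either a 'Program' string or a 'ProgramArguments' list.
    program = data.get("Program") or (data.get("ProgramArguments") or [""])[0]
    reasons = []
    if label in SUSPECT_LABELS:
        reasons.append("label matches the FlexibleFerret persistence label")
    if label.startswith("com.zoom") and not program.startswith(ZOOM_BUNDLE):
        reasons.append("Zoom-like label but program is outside zoom.us.app")
    if data.get("RunAtLoad") and program.startswith(TEMP_DIRS):
        reasons.append("RunAtLoad item executes from a temporary directory")
    return {"file": path.name, "label": label, "program": program, "reasons": reasons}

def scan_launch_agents(directory: Path) -> list:
    """Return findings for every suspicious .plist in a LaunchAgents directory."""
    results = [inspect_launch_agent(p) for p in sorted(directory.glob("*.plist"))]
    return [r for r in results if r["reasons"]]

def demo() -> list:
    """Scan two constructed plists (one benign, one mimicking the IoC) offline."""
    with tempfile.TemporaryDirectory() as tmp:
        agents = Path(tmp)
        benign = {"Label": "com.example.backup", "ProgramArguments": ["/usr/bin/rsync", "-a"]}
        # Constructed look-alike: label from the summary, program path is assumed.
        lookalike = {"Label": "com.zoom.plist", "RunAtLoad": True,
                     "ProgramArguments": ["/private/tmp/InstallerAlert.app/Contents/MacOS/InstallerAlert"]}
        for name, plist in (("com.example.backup.plist", benign), ("com.zoom.plist", lookalike)):
            with (agents / name).open("wb") as fh:
                plistlib.dump(plist, fh)
        return scan_launch_agents(agents)

if __name__ == "__main__":
    for finding in demo():
        print(finding["file"], "->", "; ".join(finding["reasons"]))
```

To run it against a real user, call scan_launch_agents(Path.home() / "Library" / "LaunchAgents") and review the findings rather than acting on them automatically.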
