macOS FlexibleFerret | Further Variants of DPRK Malware Family Unearthed
NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY :
This intelligence analysis describes newly discovered variants of the DPRK-attributed macOS Ferret malware family, labeled as 'FlexibleFerret'. The malware is part of the ongoing 'Contagious Interview' campaign targeting developers and job seekers. The new variants include a dropper package containing multiple components, including a fake Zoom binary and an InstallerAlert application. These components establish persistence and communicate with a command and control server. The campaign has expanded its tactics, now targeting GitHub users by creating fake issues on legitimate repositories. The malware remains undetected by Apple's XProtect tool, highlighting the evolving nature of the threat.
OPENCTI LABELS :
macos,dropper,github,persistence,developers,dprk,contagious interview,friendlyferret_secd,flexibleferret,frostyferret_ui,chromeupdate,multi_frostyferret_cmdcodes