North Korean Hackers Targeting Crypto Wallets of MacOS Users

According to a new report by California-based cybersecurity company SentinelOne, Apple recently updated its built-in antivirus software called XProtect to block North Korea-linked Ferret malware.

The malware family, which was first discovered in December, can comprise your system and steal funds from your crypto wallets.

Bad actors from North Korea typically pose as recruiters from well-known companies on LinkedIn, an employment-focused business platform. They typically lure potential victims with attractive pay ranges, making it easier for them to fall into the trap.

After exchanging several messages with their victims on LinkedIn, they send them a link to proceed with a video interview via a seemingly clean-looking site.

Once potential employees try recording a video, they get notified about access to their camera and mic being blocked due to multiple processes or threads accessing the cache at the same time. In order to fix the issue, they are prompted to open the Terminal app and copy a special command that is supposed to upgrade the latest drivers for macOS.

The hackers aim to install a backdoor that would make it possible to drain the cryptocurrency wallets of some gullible victims.

According to The Register, North Koreans stole a total of $659 million worth of crypto last year.

Last year, an unidentified IT company faced a ransom demand after unwittingly hiring a North Korean employee who faked his credentials and employment history.

In 2023, it was reported that North Korean hackers were pretending to be Meta recruiters on LinkedIn.