North Korea-linked campaign targets Job Seekers with macOS malware

ESET researchers continue to monitor a cyberespionage campaign, tracked as “Operation In(ter)ception,” that has been active at least since June 2020. The campaign targets employees working in the aerospace and military sectors and leverages decoy job offer documents.

ESET published a series of tweets detailing the recent attacks. The experts spotted a signed Mac executable disguised as a job description for Coinbase. The malicious code was uploaded to VirusTotal from Brazil on August 11, 2022.

The malware is compiled for both Intel and Apple Silicon. It drops three files: a decoy PDF document, Coinbase_online_careers_2022_07.pdf; a bundle, FinderFontsUpdater.app; and a downloader, safarifontagent. The discovery is similar to other attacks detected by ESET researchers in May.

The bundle employed in the attack was signed on July 21 using a certificate issued in February 2022 to a developer named Shankey Nohria, with team identifier 264HFWQH63.

“The application is not notarized and Apple has revoked the certificate on August 12.” states ESET. 

The experts noticed that, unlike in the May attacks, the downloader safarifontagent connects to a different C&C server (https://concrecapital[.]com/%user%.jpg). The C2 server did not respond at the time ESET experts analyzed this malware.
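
The indicators reported above (team identifier, dropped file names, C&C host) can be matched against endpoint telemetry. The following is an added example, not code from ESET or from the original post; the event schema, sample paths and user names are assumptions constructed for illustration.

```python
import re
from pathlib import PurePosixPath
from urllib.parse import urlsplit

# Indicators as reported in the article above.
REVOKED_TEAM_IDS = {"264HFWQH63"}
DROPPED_NAMES = {"Coinbase_online_careers_2022_07.pdf",
                 "FinderFontsUpdater.app", "safarifontagent"}
C2_HOSTS = {"concrecapital.com"}

def team_id(codesign_output):
    """Return TeamIdentifier from `codesign -dv` text, or None if absent/unset."""
    m = re.search(r"^TeamIdentifier=(.+)$", codesign_output, re.MULTILINE)
    value = m.group(1).strip() if m else None
    return None if value in (None, "not set") else value

def url_host(url):
    """Hostname of a possibly defanged URL ('[.]' and 'hxxp' are undone first)."""
    clean = url.replace("[.]", ".").replace("hxxp", "http")
    return (urlsplit(clean).hostname or "").rstrip(".").lower()

def match_event(event):
    """Return indicator hits for one telemetry record (hypothetical schema)."""
    hits = []
    # Match on whole path components so a bundle name also flags files inside it.
    parts = set(PurePosixPath(event.get("path", "")).parts)
    hits += [f"dropped-file:{n}" for n in sorted(DROPPED_NAMES & parts)]
    tid = team_id(event.get("codesign", ""))
    if tid in REVOKED_TEAM_IDS:
        hits.append(f"revoked-team-id:{tid}")
    host = url_host(event.get("url", ""))
    if any(host == h or host.endswith("." + h) for h in C2_HOSTS):
        hits.append(f"c2-host:{host}")
    return hits

# Constructed sample records; paths and user names are illustrative only.
SAMPLE_EVENTS = [
    {"path": "/Users/alice/Downloads/FinderFontsUpdater.app/Contents/MacOS/x",
     "codesign": "Identifier=com.example.app\nTeamIdentifier=264HFWQH63\n"},
    {"path": "/Users/alice/Downloads/safarifontagent",
     "url": "https://concrecapital[.]com/alice.jpg"},
    {"path": "/Applications/Safari.app/Contents/MacOS/Safari",
     "codesign": "Identifier=com.apple.Safari\nTeamIdentifier=not set\n",
     "url": "https://example.com/"},
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(ev["path"], "->", match_event(ev) or "clean")
```

Matching the team identifier as well as the file names still flags a bundle signed with the same revoked certificate if it has been renamed.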

The researcher @h2jazi also discovered a Windows counterpart of this malware on August 4; it was dropping the exact same decoy.

-Prameet