- Microsoft warns that the North Korean group Sapphire Sleet (APT38) is targeting Western companies with fake job scams
- Malicious Zoom lookalike drops info stealers to steal cryptocurrency
- The campaign focuses on macOS users; Apple pushed automatic protection to block attacks
North Korean state-sponsored threat actors called Sapphire Sleet are targeting companies in the West with infostealer malware in a bid to capture their cryptocurrencies, experts have warned.
Security analysts from Microsoft said the group, also known as APT38 and most likely a spinoff of the infamous Lazarus Group, has been at work since at least 2020 and has used one of the most successful techniques in its arsenal – fake jobs.
Sapphire Sleet would create a whole slew of fake, non-existent things on social media: companies, recruiters, job ads, and anything else necessary to make the scam look like a legitimate employment attempt—and the victims would then be contacted, either via email or various social media channels, and offered the job (with enticing compensation offers).
Attacking people
However, during the process, the “recruiters” would ask the victim to join a Zoom video call, but the software used is not the real Zoom – instead, it is a fake, malicious version designed to drop an infostealer on the device.
Sherrod DeGrippo, Microsoft’s global threat intelligence manager, told The Register why attackers focus on the human rather than the system: “Social engineering lets attackers route around hardened perimeters by convincing users to act on their behalf, making a human the vulnerability. It’s cheap, hard to patch, and scales well,” DeGrippo explained.
“Users are conditioned to accept remote support interactions like downloading tools, following instructions, clicking prompts,” she added. “Attackers leverage this familiarity to make malicious actions feel routine, reducing the victim’s skepticism at the critical moment of compromise.”
The campaign is aimed at macOS users, Microsoft said. Microsoft contacted Apple, which added “platform-level protection” to help detect and block the malware and the infrastructure it uses. The updates were pushed out automatically, so users do not need to update manually.