Malware, Threat Intelligence

Updated BeaverTail infostealer sets sights on macOS

Attacks deploying an updated variant of the BeaverTail information-stealing malware against macOS devices have been launched by North Korean hacking operations, according to The Hacker News.

Threat actors used an Apple macOS disk image file spoofing the MiroTalk video call service to distribute BeaverTail, which not only allowed the exfiltration of browser, cryptocurrency wallet, and iCloud Keychain data but also enabled the execution of the InvisibleFerret backdoor for persistent access, reported Objective-See founder and cybersecurity researcher Patrick Wardle. "The North Korean hackers are a wily bunch and are quite adept at hacking macOS targets, even though their techniques often rely on social engineering (and thus from a technical point of view are rather unimpressive)," said Wardle.

The development follows an advisory from Japan's Computer Emergency Response Team Coordination Center warning about phishing intrusions by North Korean state-backed hacking group Kimsuky against Japanese organizations that involved the delivery of a data-exfiltrating PowerShell script.
