Security Risk in DeepSeek
FlexibleFerret is part of the 'Contagious Interview' campaign run by the Democratic People's Republic of Korea.
Apple has released an update for its XProtect tool to block several variants of malware belonging to the 'Ferret' family. This malware has been used as part of a campaign called 'Contagious Interview', orchestrated by hackers from North Korea. The update focuses on countering specific variants, such as FRIENDLYFERRET_SECD, FROSTYFERRET_UI, and MULTI_FROSTYFERRET_CMDCODES.
Investigations indicate that this malware is used to lure professionals, particularly software developers and workers in sensitive sectors, through fake job offers. Attackers use a link that simulates an interview and displays an error message, prompting victims to install or update communication software for virtual meetings. These updates are often disguised as legitimate application installers like Chrome or Zoom, although they actually install a malicious agent that extracts sensitive information from the affected device.
The new XProtect signatures aim to block most known variants that masquerade as macOS system components, including com.apple.secd, which corresponds to FRIENDLYFERRET. However, not all FlexibleFerret variants are detected yet, as the malware evolves constantly and rapidly.
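Because the article's point is that the malware hides behind Apple-looking names such as com.apple.secd, a defender may want a quick local check that does not depend on XProtect having a signature for the latest variant. The following is an added example, not code from the article or from Apple: it parses launchd property lists and flags entries whose label claims the com.apple. namespace but whose program runs from a location Apple does not own, or that sit in a user-writable LaunchAgents folder. The list of Apple-owned path prefixes and the sample plist entries are assumptions constructed for the example.

```python
import os
import plistlib

# Assumption: legitimate Apple daemons and agents are launched from these
# SIP-protected locations. A com.apple.* label pointing elsewhere is worth a look.
APPLE_OWNED_PREFIXES = (
    "/System/", "/usr/libexec/", "/usr/bin/", "/usr/sbin/", "/usr/lib/",
    "/Library/Apple/",
)


def program_of(plist):
    """Return the executable a launchd plist would run (Program or ProgramArguments[0])."""
    if plist.get("Program"):
        return str(plist["Program"])
    args = plist.get("ProgramArguments") or []
    return str(args[0]) if args else ""


def check_entry(plist_path, plist_bytes):
    """Return the reasons an entry looks like Apple-name masquerading; empty list if clean."""
    plist = plistlib.loads(plist_bytes)
    label = str(plist.get("Label", ""))
    reasons = []
    if not label.startswith("com.apple."):
        return reasons  # only interested in entries borrowing Apple's namespace
    program = program_of(plist)
    if not program.startswith(APPLE_OWNED_PREFIXES):
        reasons.append(f"label {label} runs {program or '<no program>'} outside Apple-owned paths")
    if plist_path.startswith("/Users/"):
        reasons.append(f"label {label} is installed in a user-writable directory ({plist_path})")
    return reasons


def scan_entries(entries):
    """entries: iterable of (plist_path, plist_bytes). Returns [(path, reasons)] for flagged items."""
    flagged = []
    for path, data in entries:
        reasons = check_entry(path, data)
        if reasons:
            flagged.append((path, reasons))
    return flagged


def scan_dirs(dirs):
    """Walk real launchd directories on a Mac and return flagged entries."""
    entries = []
    for root in dirs:
        for dirpath, _, files in os.walk(root):
            for name in files:
                if name.endswith(".plist"):
                    full = os.path.join(dirpath, name)
                    try:
                        with open(full, "rb") as fh:
                            entries.append((full, fh.read()))
                    except OSError:
                        continue  # unreadable file; skip rather than abort the scan
    return scan_entries(entries)


# Constructed sample data (not real malware artifacts): one masquerading agent,
# one ordinary third-party daemon, one entry shaped like a genuine Apple daemon.
SAMPLE_ENTRIES = [
    ("/Users/dev/Library/LaunchAgents/com.apple.secd.plist",
     plistlib.dumps({"Label": "com.apple.secd",
                     "ProgramArguments": ["/Users/dev/Library/Application Support/.secd/secd"],
                     "RunAtLoad": True})),
    ("/Library/LaunchDaemons/com.example.backup.plist",
     plistlib.dumps({"Label": "com.example.backup", "Program": "/usr/local/bin/backup"})),
    ("/System/Library/LaunchDaemons/com.apple.secd.plist",
     plistlib.dumps({"Label": "com.apple.secd", "Program": "/usr/libexec/secd"})),
]

if __name__ == "__main__":
    for path, reasons in scan_entries(SAMPLE_ENTRIES):
        print(path)
        for r in reasons:
            print("  -", r)
```

On a real machine, `scan_dirs([os.path.expanduser("~/Library/LaunchAgents"), "/Library/LaunchAgents", "/Library/LaunchDaemons"])` covers the directories an unprivileged installer can write to; a hit is a prompt to inspect the referenced binary, not proof of infection, since the heuristic only looks at names and paths.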
The campaign has been tracked since 2023 and is attributed to the notorious hacking group Lazarus, which has used deceptive tactics to induce job applicants to download malware or compromised remote access tools. The information that these attackers can access varies depending on the device they infect.
Aaron Walton, a threat intelligence analyst at Expel, emphasizes that anyone who becomes a victim while using their work device puts their organization at risk. Often, these attackers focus on individuals through job offers, increasing the likelihood that the malware runs on a corporate device.
Regarding protective measures, it is emphasized that these attacks are essentially social engineering, and spotting them early makes them far easier to avoid. Social engineering attacks, such as phishing, are often personalized using information obtained from data breaches. In this context, victims hand over their information during the job application process, which highlights the need to carefully verify the sites and companies to which they apply.
It is imperative that organizations maintain a robust cybersecurity strategy, as phishing attacks cannot be completely eradicated and human error will continue to pose a risk. Walton advises a defense-in-depth approach built from multiple security layers.
Constant vigilance is key against cyberattacks. Symptoms such as slow device performance, frequent crashes, or random reboots can indicate an infection. Persistent pop-up windows, while not dangerous on their own, can lead to malicious sites and should also be treated as a warning sign.
For those who suspect they have been affected, it is crucial to act quickly by removing the infected program and disconnecting from the Internet to prevent the spread of the malware.