Microsoft experts warn North Korean attackers target macOS users with 'a highly reliable infection chain' to steal passwords, financial data and more — here's how to stay safe

[Image: North Korean flag made of binary code. Credit: Shutterstock]

  • Microsoft warns North Korean Sapphire Sleet (APT38) targeting Western businesses with fake job scams
  • Malicious Zoom lookalike drops infostealers to steal cryptocurrency
  • Campaign focuses on macOS users; Apple pushed automatic protections to block attacks

North Korean state-sponsored threat actors known as Sapphire Sleet are targeting businesses in the West with infostealer malware in an attempt to steal their cryptocurrency, experts have warned.

Security analysts from Microsoft said the group, also known as APT38 and most likely a spinoff of the infamous Lazarus Group, has been active since at least 2020 and has relied on one of the most successful techniques in its arsenal: fake jobs.

Sapphire Sleet creates a whole slew of fake, nonexistent things on social media: companies, recruiters, job ads, and anything else needed to make the scam look like a legitimate hiring attempt. Victims are then approached, either via email or through various social media channels, and offered the job, typically with an enticing compensation package.


Attacking humans

During the process, however, the “recruiters” ask the victim to join a Zoom video call, but the software they are told to use is not the real Zoom client. Instead, it is a fake, malicious lookalike designed to drop an infostealer on the device.

Speaking about the report, Sherrod DeGrippo, Microsoft global threat intelligence GM, told The Register why crooks focus on attacking the human rather than the system: "Social engineering lets attackers route around hardened perimeters by convincing users to act on their behalf, turning a human into the vulnerability. It's low-cost, hard to patch, and scales well," DeGrippo explained.

"Users are conditioned to accept remote support interactions like downloading tools, following instructions, clicking prompts," she added. "Attackers exploit this familiarity to make malicious actions feel routine, lowering victim skepticism at the critical moment of compromise."

According to Microsoft, the campaign targets macOS users. Microsoft reached out to Apple, which added “platform-level protections” to help detect and block the malware and the infrastructure it uses. The updates were delivered automatically, so users do not need to update manually.



Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
