Summary: A recent investigation has uncovered a cyber-espionage campaign linked to North Korean actors that uses malware disguised as job interview applications to harvest sensitive data from macOS users. The malware, identified as ‘DriverEasy’ and ‘ChromeUpdate’, relies on social engineering to deceive victims into providing their credentials. The malicious applications display fake prompts to capture user passwords and send them to Dropbox accounts controlled by the attackers.
Affected: macOS Users
Key points:
- Malware masquerades as job interview applications to lure victims.
- DriverEasy.app captures user credentials through fake Google Chrome authentication prompts.
- Captured credentials are uploaded to Dropbox using API credentials shared among the related malware.
Source: https://securityonline.info/chromeupdate-drivereasy-north-koreas-new-macos-cyber-espionage-tools/