As soon as the victim clicks the action prompt, the executed binary (usually the JavaScript-based “BeaverTail” malware) runs a malicious shell script that installs a persistence agent on the local system, along with an executable posing as a Google Chrome update (labeled ChromeUpdate) which is in fact a Golang backdoor and stealer.
The Ferret malware is specifically designed for macOS systems, with variants targeting macOS’s user interface (FROSTYFERRET_UI), security daemon (FRIENDLYFERRET_SECD), and command codes within the macOS environment (MULTI_FROSTYFERRET_CMDCODES).
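A triage check a responder might run against the chain described above, added here as an example and not taken from the article or from any published analysis of the malware: enumerate the directories launchd reads persistence plists from and flag any entry whose program is a binary named like the fake ChromeUpdate. It assumes the persistence agent is a launchd plist (the article only says a persistence agent is installed, not how), and the sample plists, their labels and paths are constructed for the example. The real Google updater on macOS runs under com.google.keystone labels, so a bare ChromeUpdate binary in a user-writable location warrants a look.

```python
# Added example: triage macOS launchd plists for a program posing as a Chrome update.
# Not code from the article or the malware report; the launchd mechanism is an assumption.
import os
import plistlib
import tempfile

# Name the article gives for the fake Chrome update binary (matched case-insensitively).
SUSPICIOUS_BASENAME = "chromeupdate"

# Directories launchd reads persistence plists from. Per-user LaunchAgents is the
# usual spot for an unprivileged installer; the article does not say which was used.
DEFAULT_DIRS = (
    os.path.expanduser("~/Library/LaunchAgents"),
    "/Library/LaunchAgents",
    "/Library/LaunchDaemons",
)


def program_of(plist):
    """Return the executable path a launchd plist will run, or None."""
    if "Program" in plist:
        return plist["Program"]
    args = plist.get("ProgramArguments")
    if isinstance(args, list) and args:
        return args[0]
    return None


def find_suspicious_agents(dirs=DEFAULT_DIRS):
    """Return (plist_path, label, program) for each plist whose program basename
    contains 'chromeupdate'. Unparseable plists are skipped, not treated as clean."""
    hits = []
    for d in dirs:
        if not os.path.isdir(d):
            continue
        for name in sorted(os.listdir(d)):
            if not name.endswith(".plist"):
                continue
            path = os.path.join(d, name)
            try:
                with open(path, "rb") as fh:
                    plist = plistlib.load(fh)
            except (plistlib.InvalidFileException, OSError, ValueError):
                continue
            program = program_of(plist)
            if program and SUSPICIOUS_BASENAME in os.path.basename(program).lower():
                hits.append((path, plist.get("Label"), program))
    return hits


def make_sample_dir():
    """Constructed sample data: one benign agent and one pointing at a fake
    ChromeUpdate binary. Labels and paths are invented for this example."""
    d = tempfile.mkdtemp()
    benign = {
        "Label": "com.example.backup",
        "ProgramArguments": ["/usr/bin/rsync", "-a", "/src", "/dst"],
        "RunAtLoad": True,
    }
    fake = {
        "Label": "com.google.chromeupdate",
        "ProgramArguments": [os.path.expanduser("~/Library/Application Support/ChromeUpdate")],
        "RunAtLoad": True,
        "KeepAlive": True,
    }
    for fname, data in (("com.example.backup.plist", benign),
                        ("com.google.chromeupdate.plist", fake)):
        with open(os.path.join(d, fname), "wb") as fh:
            plistlib.dump(data, fh)
    return d


if __name__ == "__main__":
    # Run against the constructed samples; pass DEFAULT_DIRS (the default) on a real host.
    for path, label, program in find_suspicious_agents([make_sample_dir()]):
        print(f"SUSPICIOUS {path}: label={label} program={program}")
```

Name matching alone is a weak signal; on a live host the next step is to check the flagged binary's code signature and where it was downloaded from, since a binary installed by a shell script from a fake interview prompt will not carry Google's signing identity.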
In a comment to CSO, Boris Cipot, a senior security engineer at Black Duck, said, “There are different threat actor groups that are focused on macOS, the most prominent being the groups from North Korea, China, and Russia. What we can see is that the latest campaign is a further evolution of the FERRET malware family as these threat actors are trying to fine-tune their methods of bypassing security measures.”