North Korean Hackers Exploit AppleScript in New macOS Attacks Targeting Financial Sector
North Korean hackers have launched a new campaign targeting macOS users within financial organizations, utilizing social engineering and evasion techniques. The campaign, uncovered by Any.Run, involves the use of the ClickFix technique to trick users into installing malware. Hackers have been using compromised accounts to send fake meeting invitations via platforms like Telegram, directing victims to websites mimicking Zoom, Microsoft Teams, or Google Meet. Victims are then prompted to execute commands in the Terminal, leading to the installation of malware designed to steal credentials and sensitive data.

Another campaign, attributed to the state-sponsored group Sapphire Sleet, uses AppleScript for code execution and detection evasion, resulting in data exfiltration. The attacks involve fake recruiter profiles and technical interviews, where victims are asked to install malware disguised as video conferencing tools or SDK updates. The malware executes arbitrary shell commands, leading to the deployment of...