FlexibleFerret曝光，诱骗求职者在Mac上安装恶意软件

IT之家

06 Feb

2 月 6 日消息，网络安全公司 SentinelLabs 于 2 月 3 日发布博文，报道称黑客正利用名为“FlexibleFerret”的恶意软件家族，通过虚假招聘信息，或者伪装成 Chrome / Zoom 等应用更新，攻击苹果 Mac 用户。

IT之家援引博文介绍，苹果公司已通过 XProtect 签名更新来应对这些威胁，成功阻止了包括 FROSTYFERRET_UI、FRIENDLYFERRET_SECD 和 MULTI_FROSTYFERRET_CMDCODES 在内的多个变种。然而，部分“FlexibleFerret”变种仍未被检测到，显示出这些威胁的持续进化。

“FlexibleFerret”属于“Contagious Interview”行动，主要通过社交工程手段传播，攻击者伪装成招聘人员，诱骗求职者安装恶意软件。

受害者在网络远程求职面试时，会遇到错误信息，随后被诱导下载 VCam 或 CameraAccess 看似合法的应用程序。这些应用实际上安装了一个恶意持久代理，在后台运行，窃取敏感数据。

名为 versus.pkg 的恶意软件包包含多个恶意组件，包括 InstallerAlert.app、versus.app 和一个名为 zoom 的恶意二进制文件。一旦执行，恶意软件会安装一个启动代理以保持持久性，并通过 Dropbox 与命令与控制服务器通信。

Disclaimer: Investing carries risk. This is not financial advice. The above content should not be regarded as an offer, recommendation, or solicitation on acquiring or disposing of any financial products, any associated discussions, comments, or posts by author or other users should not be considered as such either. It is solely for general information purpose only, which does not consider your own investment objectives, financial situations or needs. TTM assumes no responsibility or warranty for the accuracy and completeness of the information, investors should do their own research and may seek professional advice before investing.

Most Discussed

1
2
3
4
5
6
7
8
9
10

{"basename":"","ssrTDKData":{"titleTemplate":"%s - Tiger Brokers","title":"Tiger Brokers | Global Stocks, Options & Futures Trading App","description":"Tiger Brokers, one-stop investment in US stocks, SGX stocks, HK stocks, A-shares & other global assets. One of the best stock trading platforms in Singapore.","keywords":"tiger brokers,tiger trade,tiger brokers singapore,broker online,stock trading in singapore,share trading singapore,brokerage firm singapore,trading app,stock broker singapore,stock trading platforms,trading account","social":{"ogDescription":"Tiger Brokers, one-stop investment in US stocks, SGX stocks, HK stocks, A-shares & other global assets. One of the best stock trading platforms in Singapore.","ogImage":"https://c1.itigergrowtha.com/portal5/static/media/og-logo.be62fbe1.png","ogUrl":"https://www.itiger.com/news/2509122707"},"companyName":"Tiger Brokers"},"pageData":{"isMobile":false,"isTiger":false,"isTTM":true,"region":"SGP","license":"TBSG","edition":"fundamental"},"__swrFallback__":{"@#url:\"https://stock-news.skytigris.cn/v3/news\",params:#id:\"2509122707\",edition:\"fundamental\",,,undefined,":{"share":"https://ttm.financial/m/news/2509122707?lang=en_US&edition=fundamental","thumbnail":"","is_english":false,"pubTime":"2025-02-06 20:13","share_image_url":"https://static.laohu8.com/e9f99090a1c2ed51c021029395664489","id":"2509122707","market":"sh","top_or_hot":-1,"title":"FlexibleFerret曝光，诱骗求职者在Mac上安装恶意软件","media":"IT之家","content":"<html><body><p>2 月 6 日消息，网络安全公司 SentinelLabs 于 2 月 3 日发布博文，报道称黑客正利用名为“FlexibleFerret”的恶意软件家族，通过虚假招聘信息，或者伪装成 Chrome / <a href=\"https://laohu8.com/S/ZM\">Zoom</a> 等应用更新，攻击<a href=\"https://laohu8.com/S/AAPL\">苹果</a> Mac 用户。</p><p><img src=\"https://x0.ifengimg.com/ucms/2025_06/55BF151F870110BD203A29BDE99C340C6644BC91_size118_w1312_h962.jpg\"/></p><p>IT之家援引博文介绍，苹果公司已通过 XProtect 签名更新来应对这些威胁，成功阻止了包括 FROSTYFERRET_UI、FRIENDLYFERRET_SECD 和 MULTI_FROSTYFERRET_CMDCODES 在内的多个变种。然而，部分“FlexibleFerret”变种仍未被检测到，显示出这些威胁的持续进化。</p><p>“FlexibleFerret”属于“Contagious Interview”行动，主要通过社交工程手段传播，攻击者伪装成招聘人员，诱骗求职者安装恶意软件。</p><p>受害者在网络远程求职面试时，会遇到错误信息，随后被诱导下载 VCam 或 CameraAccess 看似合法的应用程序。这些应用实际上安装了一个恶意持久代理，在后台运行，窃取敏感数据。</p><p><img src=\"https://x0.ifengimg.com/ucms/2025_06/180CA5E5BBF63DB176B27E19716FA8BB2A56BAC2_size162_w1312_h738.jpg\"/></p><p>名为 versus.pkg 的恶意软件包包含多个恶意组件，包括 InstallerAlert.app、versus.app 和一个名为 zoom 的恶意二进制文件。一旦执行，恶意软件会安装一个启动代理以保持持久性，并通过 Dropbox 与命令与控制服务器通信。</p><p><img src=\"https://x0.ifengimg.com/ucms/2025_06/369AF6F5593A82DFDE281F40A9ACDC908A45B02A_size130_w1312_h805.jpg\"/></p></body></html>","source":"fenghuang_stock","html":"<!DOCTYPE html>\n<html>\n<head>\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\" />\n<meta name=\"viewport\" content=\"width=device-width,initial-scale=1.0,minimum-scale=1.0,maximum-scale=1.0,user-scalable=no\"/>\n<meta name=\"format-detection\" content=\"telephone=no,email=no,address=no\" />\n<title>FlexibleFerret曝光，诱骗求职者在Mac上安装恶意软件</title>\n<style type=\"text/css\">\na,abbr,acronym,address,applet,article,aside,audio,b,big,blockquote,body,canvas,caption,center,cite,code,dd,del,details,dfn,div,dl,dt,\nem,embed,fieldset,figcaption,figure,footer,form,h1,h2,h3,h4,h5,h6,header,hgroup,html,i,iframe,img,ins,kbd,label,legend,li,mark,menu,nav,\nobject,ol,output,p,pre,q,ruby,s,samp,section,small,span,strike,strong,sub,summary,sup,table,tbody,td,tfoot,th,thead,time,tr,tt,u,ul,var,video{ font:inherit;margin:0;padding:0;vertical-align:baseline;border:0 }\nbody{ font-size:16px; line-height:1.5; color:#999; background:transparent; }\n.wrapper{ overflow:hidden;word-break:break-all;padding:10px; }\nh1,h2{ font-weight:normal; line-height:1.35; margin-bottom:.6em; }\nh3,h4,h5,h6{ line-height:1.35; margin-bottom:1em; }\nh1{ font-size:24px; }\nh2{ font-size:20px; }\nh3{ font-size:18px; }\nh4{ font-size:16px; }\nh5{ font-size:14px; }\nh6{ font-size:12px; }\np,ul,ol,blockquote,dl,table{ margin:1.2em 0; }\nul,ol{ margin-left:2em; }\nul{ list-style:disc; }\nol{ list-style:decimal; }\nli,li p{ margin:10px 0;}\nimg{ max-width:100%;display:block;margin:0 auto 1em; }\nblockquote{ color:#B5B2B1; border-left:3px solid #aaa; padding:1em; }\nstrong,b{font-weight:bold;}\nem,i{font-style:italic;}\ntable{ width:100%;border-collapse:collapse;border-spacing:1px;margin:1em 0;font-size:.9em; }\nth,td{ padding:5px;text-align:left;border:1px solid #aaa; }\nth{ font-weight:bold;background:#5d5d5d; }\n.symbol-link{font-weight:bold;}\n/* header{ border-bottom:1px solid #494756; } */\n.title{ margin:0 0 8px;line-height:1.3;color:#ddd; }\n.meta {color:#5e5c6d;font-size:13px;margin:0 0 .5em; }\na{text-decoration:none; color:#2a4b87;}\n.meta .head { display: inline-block; overflow: hidden}\n.head .h-thumb { width: 30px; height: 30px; margin: 0; padding: 0; border-radius: 50%; float: left;}\n.head .h-content { margin: 0; padding: 0 0 0 9px; float: left;}\n.head .h-name {font-size: 13px; color: #eee; margin: 0;}\n.head .h-time {font-size: 11px; color: #7E829C; margin: 0;line-height: 11px;}\n.small {font-size: 12.5px; display: inline-block; transform: scale(0.9); -webkit-transform: scale(0.9); transform-origin: left; -webkit-transform-origin: left;}\n.smaller {font-size: 12.5px; display: inline-block; transform: scale(0.8); -webkit-transform: scale(0.8); transform-origin: left; -webkit-transform-origin: left;}\n.bt-text {font-size: 12px;margin: 1.5em 0 0 0}\n.bt-text p {margin: 0}\n</style>\n</head>\n<body>\n<div class=\"wrapper\">\n<header>\n<h2 class=\"title\">\nFlexibleFerret曝光，诱骗求职者在Mac上安装恶意软件\n</h2>\n\n<h4 class=\"meta\">\n\n\n2025-02-06 20:13 北京时间&nbsp;&nbsp;&nbsp;<a href=https://tech.ifeng.com/c/8gkJR4pJIXj><strong>IT之家</strong></a>\n\n\n</h4>\n\n</header>\n<article>\n<div>\n<p>2 月 6 日消息，网络安全公司 SentinelLabs 于 2 月 3 日发布博文，报道称黑客正利用名为“FlexibleFerret”的恶意软件家族，通过虚假招聘信息，或者伪装成 Chrome / Zoom 等应用更新，攻击苹果 Mac 用户。IT之家援引博文介绍，苹果公司已通过 XProtect 签名更新来应对这些威胁，成功阻止了包括 FROSTYFERRET_UI、...</p>\n\n<a href=\"https://tech.ifeng.com/c/8gkJR4pJIXj\">Source Link</a>\n\n</div>\n\n\n</article>\n</div>\n</body>\n</html>\n","isBrief":false,"type":0,"news_type":1,"symbol":"BK4505","symbol_name":"高瓴资本持仓","start_time":0,"source_url":"https://tech.ifeng.com/c/8gkJR4pJIXj","article_id":"2509122707","we_media_id":null,"thumbnails":[],"rights":null,"url":"https://stock-news.laohu8.com/highlight/detail?id=2509122707","pubTimestamp":1738843991,"columns":[],"sourceInfo":{"source_id":"fenghuang_stock","name":"凤凰网"},"weMediaInfo":null,"summary":"2 月 6 日消息，网络安全公司 SentinelLabs 于 2 月 3 日发布博文，报道称黑客正利用名为“FlexibleFerret”的恶意软件家族，通过虚假招聘信息，或者伪装成 Chrome / Zoom 等应用更新，攻击苹果 Mac 用户。然而，部分“FlexibleFerret”变种仍未被检测到，显示出这些威胁的持续进化。“FlexibleFerret”属于“Contagious Interview”行动，主要通过社交工程手段传播，攻击者伪装成招聘人员，诱骗求职者安装恶意软件。名为 versus.pkg 的恶意软件包包含多个恶意组件，包括 InstallerAlert.app、versus.app 和一个名为 zoom 的恶意二进制文件。","collect":0,"end_time":0,"defaultTopTitle":"ifeng.com","property":[],"viewcount":null,"language":"zh","relate_stocks":{"BK4505":"高瓴资本持仓","BK4528":"SaaS概念","BK4588":"碎股","LU1861559042.SGD":"日兴方舟颠覆性创新基金B SGD","BK4023":"应用软件","BK4554":"元宇宙及AR概念","BK4532":"文艺复兴科技持仓","BK4525":"远程办公概念","BK4585":"ETF&股票定投概念","BK4551":"寇图资本持仓","BK4535":"淡马锡持仓","BK4548":"巴美列捷福持仓","ZM":"Zoom","LU1861558580.USD":"日兴方舟颠覆性创新基金B"},"translate_title":"FlexibleFerret exposed, tricking job seekers into installing malware on Macs","themeId":null,"isJumpTheme":false,"ttsUrl":null,"symbols_score_info":{"ZM":0.64},"content_text":"2 月 6 日消息，网络安全公司 SentinelLabs 于 2 月 3 日发布博文，报道称黑客正利用名为“FlexibleFerret”的恶意软件家族，通过虚假招聘信息，或者伪装成 Chrome / Zoom 等应用更新，攻击苹果 Mac 用户。IT之家援引博文介绍，苹果公司已通过 XProtect 签名更新来应对这些威胁，成功阻止了包括 FROSTYFERRET_UI、FRIENDLYFERRET_SECD 和 MULTI_FROSTYFERRET_CMDCODES 在内的多个变种。然而，部分“FlexibleFerret”变种仍未被检测到，显示出这些威胁的持续进化。“FlexibleFerret”属于“Contagious Interview”行动，主要通过社交工程手段传播，攻击者伪装成招聘人员，诱骗求职者安装恶意软件。受害者在网络远程求职面试时，会遇到错误信息，随后被诱导下载 VCam 或 CameraAccess 看似合法的应用程序。这些应用实际上安装了一个恶意持久代理，在后台运行，窃取敏感数据。名为 versus.pkg 的恶意软件包包含多个恶意组件，包括 InstallerAlert.app、versus.app 和一个名为 zoom 的恶意二进制文件。一旦执行，恶意软件会安装一个启动代理以保持持久性，并通过 Dropbox 与命令与控制服务器通信。","kind":"news","is_publish_news":true,"is_publish_highlight":false,"is_publish_live":false,"is_publish_wemedia":null,"editions":null,"column":"","sentiment":"0","news_tag":"","news_rank":0,"symbols":[],"gpt_button":1,"code":"91000000","status":"200"}}}