Date: 2025-02-03

SentinelLabs has revealed research into variants of FERRET, the DPRK-linked macOS malware. These new variants, labelled “FlexibleFerret,” currently remain undetected by Apple’s XProtect.

Here are the highlights from the research:

The FERRET malware is part of the North Korean Contagious Interview campaign, in which threat actors lure targets to install malware through the job interview process.

Last week Apple pushed a signature update to its on-device malware tool XProtect to block several variants of what it called the macOS FERRET family. Despite that, these newly uncovered variants remain undetected by XProtect.

Indicators present in the FERRET family of malware overlap with indicators seen in other DPRK campaigns, including the BlueNoroff Hidden Risk Threat Actor.

