The Democratic People’s Republic of Korea (DPRK), also known as North Korea, is targeting macOS users with an upgraded version of the BeaverTail malware.
The malware is disguised as the legitimate version of a video calling service called MiroTalk, according to cybersecurity expert Patrick Wardle.
Once executed on a macOS device, the updated version of the BeaverTail malware sets up a backdoor through which malicious activities can be performed remotely against the user without detection.
The new BeaverTail was distributed in a way that led some macOS users to download it themselves. The North Korean actors pretended to offer those users a job interview and presented the disguised malware as the video calling service that would be used for communication during that interview.
What’s The BeaverTail Malware?
BeaverTail is a JavaScript malware designed by actors operating from North Korea. The tool was discovered in November 2023 by Palo Alto Networks Unit 42. Its main use is to steal information from software developers through fake job interviews, tricking the interviewees into executing the malicious package on their devices.
How The Upgraded BeaverTail Malware Works
A software developer who uses macOS and needs to speak face-to-face with the interviewer is led to click on the BeaverTail malware, which is hidden inside a legitimate-looking copy of MiroTalk. Once that happens, the malware downloads Python-based packages in the background and prepares the macOS machine for exploitation. From then on, the remote actor can access the device at will.
Patrick Wardle Unimpressed With Modus Operandi
Cybersecurity expert Patrick Wardle did not hide how unimpressed he was after discovering how North Korea was targeting macOS users with the upgraded version of the BeaverTail malware. He wrote, “North Korean hackers are a wily bunch and are quite adept at hacking macOS targets, even though their techniques often rely on social engineering (and thus from a technical point of view are rather unimpressive).”