New macOS malware chain could cause a major security headache - here's what we know

1. Pro
2. Security

New macOS malware chain could cause a major security headache - here's what we know News By Sead Fadilpašić published 26 November 2025

North Korean hackers are targeting macOS devs now

Comments (0) ()

When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.

(Image credit: Adobe)

• Jamf reports North Korean actors using fake job ads and ClickFix tactics to target macOS users
• Victims are tricked into running curl commands in Terminal, installing FlexibleFerret backdoor malware
• The campaign, dubbed Contagious Interview, enables credential theft, file exfiltration, and system compromise

North Korean state-sponsored threat actors are targeting macOS users with new malware, utilizing a strategy that combines two popular approaches - fake job ads, and ClickFix, experts have warned.

Security researchers Jamf confirmed they have spotted attacks in the wild using ClickFix, an attack method in which the victim is presented with a fake problem, and at the same time, presented with a fix. It is an evolution of the old “You have a virus” popup that dominated the internet in the early 2000’s.

• Amazon Black Friday deals are live: here are our picks!

Jamf says ‘DPRK-aligned operators’ from the FlexibleFerret malware family have been creating fake companies, fake LinkedIn profiles and, most importantly - fake job ads, as part of a wider campaign called Contagious Interview.

You may like

• Experts warn ClickFix malware attacks are back, and more dangerous than ever before - here's how to stay safe
• JSON services hijacked by North Korean hackers to send out malware
• Are you an Apple Mac user? Cybercriminals are using this popular website to target you with malware and infostealers - here's what you need to stay safe

$60 offSave 75%Aura Family: was US$80 now US$20 at Aura Inc

Aura can protect your family with a plethora of features: Password Manager, ID theft protection, Antivirus, VPN, Parental Control and much more for just $20 per month!

View Deal

Curl commands and fake fixes

Victims, mostly software developers, would either discover these websites and job ads by themselves, or would be invited for interviews via LinkedIn.

After jumping through multiple loops, the victims would then be asked to record a video of themselves through the employer’s platform, but if they would try to do so, the platform would tell them that their camera isn’t working properly.

They would then be presented with a fix - a curl command to be entered into Terminal - which doesn’t fix the problem but rather introduces malware to the system.

This malware, essentially a backdoor, does a couple of things - generates a short machine identifier, checks for duplicates, and then pulls additional commands from a hard-coded command server.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Contact me with news and offers from other Future brandsReceive email from us on behalf of our trusted partners or sponsorsBy submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over.

Those commands include collecting system information, uploading or downloading files, executing shell commands, pulling Chrome profile data, or triggering an automated credential theft.

“Organizations should treat unsolicited ‘interview’ assessments and Terminal-based ‘fix’ instructions as high-risk, and ensure users know to stop and report these prompts rather than follow them,” the researchers concluded.

The best antivirus for all budgetsOur top picks, based on real-world testing and comparisons

➡️ Read our full guide to the best antivirus1. Best overall:Bitdefender Total Security2. Best for families:Norton 360 with LifeLock3. Best for mobile:McAfee Mobile Security

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.

TOPICS Malware Sead FadilpašićSocial Links Navigation

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.

Logout Read more Experts warn ClickFix malware attacks are back, and more dangerous than ever before - here's how to stay safe    JSON services hijacked by North Korean hackers to send out malware    Are you an Apple Mac user? Cybercriminals are using this popular website to target you with malware and infostealers - here's what you need to stay safe    TikTok videos used to hide dangerous malware attacks - here's how to stay safe    Microsoft flags dangerous XCSSET macOS malware targeting developers - so be on your guard    Thousands of web pages abused by hackers to spread malware    Latest in Security Ransomware hackers attack SMBs being acquired to try and gain access to multiple companies    Emergency alert systems across US disrupted following OnSolve CodeRED cyberattack    SitusAMC hack may have exposed data at major financial heavyweights    Watch out coders - top code formatting sites are apparently exposing huge amounts of user data    Harvard University reveals data breach hitting alumni and donors    Hackers impersonate TechCrunch reporters to steal sensitive information - but you can always trust us    Latest in News Android-powered desktop PCs are coming – and I think they'll be exciting    Poco’s new flagship phone has a mini Bose subwoofer for 2.1-channel audio – and I hope I’m not near one on the bus    Chat Control: EU lawmakers finally agree on the voluntary scanning of your private chats    How to watch Sidelined 2: Intercepted on Tubi (it's free)    The world's first 360-degree camera drone just got an on-sale date    How to watch Atletico Madrid vs Inter Milan: Free streams, TV channels and preview for Champions League contest    LATEST ARTICLES

1. 1New macOS malware chain could cause a major security headache - here's what we know
2. 2Leica just auctioned this one-off camera belonging to the late Pope Francis
3. 3The best compact camera for 2025: top choices to take anywhere
4. 4Please don't date your AI because it will never love you or pick up the check
5. 5Poco’s new flagship phone has a mini Bose subwoofer for 2.1-channel audio – and I hope I’m not near one on the bus