macOS FlexibleFerret | Further Variants of DPRK Malware Family Unearthed

Apple recently updated its malware-detection tool, XProtect, to block variants of the macOS Ferret family, which is attributed to North Korean threat actors. SentinelLABS discovered new samples, labeled ‘FlexibleFerret’, that were undetected by XProtect and that use a dropper package to install persistence agents and executables. The campaign, known as ‘Contagious Interview’, targets developers through fake job interviews and malicious code on platforms like GitHub.
