Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
North Korean Malware Targets macOS via Fake Zoom SDK Update

North Korean Malware Targets macOS via Fake Zoom SDK Update

Posted on April 17, 2026 By CWS

A newly identified cyber campaign by the North Korean group Sapphire Sleet poses a significant threat to macOS users. By disguising a malicious file as a Zoom SDK update, this operation aims to steal sensitive information such as passwords, cryptocurrency assets, and other personal data.

Understanding the Threat

Unlike typical attacks that exploit software vulnerabilities, this campaign relies primarily on social engineering tactics. Sapphire Sleet engages potential victims by assuming the role of a job recruiter on professional networks. After gaining trust through career discussions, they schedule a fake technical interview.

The attack escalates when the victim is instructed to download a file named “Zoom SDK Update.scpt.” This file, a compiled AppleScript, opens in the macOS Script Editor app, leading the user to believe it is a legitimate update while malicious code is concealed within.

Technical Details and Impact

Microsoft Threat Intelligence discovered this campaign, noting its unique use of AppleScript as a credential-harvesting tool, a first for Sapphire Sleet. Following this discovery, Microsoft informed Apple, which responded with updates to XProtect signatures and Safari Safe Browsing to thwart infrastructure linked to the attack.

Primarily targeting sectors like cryptocurrency, finance, and blockchain, the malware captures a range of data, including login passwords, Telegram session data, and crypto wallet keys. This information is then compressed and transmitted to servers controlled by the attackers.

Defense and Prevention

The malware circumvents macOS security features, such as Gatekeeper, by initiating execution within a user-initiated context. This highlights the need for greater user awareness and vigilance in recognizing phishing attempts.

Upon opening the lure file, the attack progresses through several command stages, involving the use of legitimate macOS processes to mask its activities. The malware gathers system information and installs components under deceptive names to avoid detection during system reboots.

To protect against such threats, users and organizations should be wary of unexpected requests to run terminal commands during online interactions. Blocking AppleScript files, auditing LaunchDaemon plist entries, and monitoring the TCC database for unauthorized modifications are crucial steps in enhancing security.

It is also essential to keep macOS systems updated to ensure the latest protective measures from Apple are in place, thereby reducing the risk of falling victim to similar campaigns.

Cyber Security News Tags:AppleScript, credential theft, cryptocurrency security, Cybersecurity, macOS security, North Korean malware, Sapphire Sleet, social engineering, tech news, Zoom SDK

Post navigation

Previous Post: CoChat Introduces Platform to Manage Shadow AI Risks
Next Post: Email Worms Target Industrial Control Systems Globally

Related Posts

AppGuard Critiques AI Defenses & Expands Insider Release AppGuard Critiques AI Defenses & Expands Insider Release Cyber Security News
Midnight Ransomware Decrypter Flaws Opens the Door to File Recovery Midnight Ransomware Decrypter Flaws Opens the Door to File Recovery Cyber Security News
Cybersecurity News Weekly Newsletter – Fortinet, Chrome 0-Day Flaws, Cloudflare Outage and Salesforce Gainsight Breach Cybersecurity News Weekly Newsletter – Fortinet, Chrome 0-Day Flaws, Cloudflare Outage and Salesforce Gainsight Breach Cyber Security News
BlueNoroff Hackers Weaponize Zoom App to Attack System Using Infostealer Malware BlueNoroff Hackers Weaponize Zoom App to Attack System Using Infostealer Malware Cyber Security News
MS-SQL Servers Under Persistent Threat by ICE Cloud Scanner MS-SQL Servers Under Persistent Threat by ICE Cloud Scanner Cyber Security News
Instagram Confirms no System Breach and Fixed External Party Password Reset Issue Instagram Confirms no System Breach and Fixed External Party Password Reset Issue Cyber Security News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • 7-Zip Flaw Risks Remote Code Execution for Millions
  • Hackers Sentenced for Disrupting London Transport Systems
  • JetBrains Fixes Critical Security Flaws in Key Products
  • Dutch Police Break Up €100 Million Fraud Network
  • AI Security Testing Evolves with New Threats

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • 7-Zip Flaw Risks Remote Code Execution for Millions
  • Hackers Sentenced for Disrupting London Transport Systems
  • JetBrains Fixes Critical Security Flaws in Key Products
  • Dutch Police Break Up €100 Million Fraud Network
  • AI Security Testing Evolves with New Threats

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark