TheRegister's platform is a leading technology news website, offering insights into IT industry news, hardware reviews, and software updates. Through articles, analysis, and opinion pieces, TheRegister offers insights into cybersecurity threats, technology trends, and industry developments. Readers can stay updated with the latest news and analysis from the world of technology and IT business.

The Register

North Korea's Sapphire Sleet (APT38/Lazarus Group offshoot) is targeting macOS users in a multi-stage attack campaign. Attackers pose as fake recruiters on LinkedIn, lure finance professionals with phony job interviews, then deliver a malicious AppleScript disguised as a Zoom SDK update. The script uses thousands of blank lines to hide malicious code, invokes legitimate Apple binaries for cover, and chains curl commands to fetch progressively complex payloads. The attack ultimately harvests credentials, cryptocurrency wallets, browser history, keychains, Apple Notes, and Telegram login details. Apple has since deployed XProtect signatures and Safari Safe Browsing protections to block the campaign automatically. Organizations are advised to educate users about unsolicited LinkedIn communications and never run scripts shared through messages without IT approval.

North Korea targets macOS users in latest heist