Sapphire Sleet Malware Campaign Targets macOS Users via Fake Zoom SDK Update
Severity: High (Score: 72.5)
Sources: Cybersecuritynews, Gbhackers
Summary
A new cyber campaign targeting macOS users has been launched by the North Korean threat actor Sapphire Sleet. The attackers are distributing malware through a fake Zoom SDK update, tricking users into executing malicious files. This attack method relies on social engineering rather than exploiting software vulnerabilities, allowing it to bypass Apple's security measures. Victims are at risk of having their passwords, cryptocurrency assets, and personal data stolen. The campaign highlights a shift in tactics from traditional software exploitation to manipulation of user behavior. Currently, there are no specific CVEs associated with this attack, and the full scope of the impact is still being assessed. Security experts are urging users to be cautious of unsolicited software updates. The campaign is ongoing, with no known resolution at this time.
Key Points:
• Sapphire Sleet is using fake Zoom SDK updates to distribute malware to macOS users.
• The attack relies on social engineering tactics, bypassing traditional security measures.
• Victims risk losing sensitive information, including passwords and cryptocurrency.
Key Entities
- Sapphire Sleet (apt_group)
- Malware (attack_type)
- T1036 - Masquerading (mitre_attack)
- macOS (platform)
- Zoom (platform)