"Charming Kitten Hackers Use New 'NokNok' Malware for macOS"

Researchers observed a new campaign that they linked to the Charming Kitten Advanced Persistent Threat (APT) group in which hackers used new macOS-targeting NokNok malware. The campaign began in May and uses a different infection chain than previously observed, with LNK files deploying the payloads as opposed to the typical malicious Word documents seen in the group's previous attacks. According to Mandiant, Charming Kitten, also known as APT42 or Phosphorus, has launched at least 30 operations in 14 countries since 2015. Google has established a connection between the threat actor and the Iranian state, specifically the Islamic Revolutionary Guard Corps (IRGC). This article continues to discuss the new campaign attributed to the Charming Kitten APT group involving NokNok malware.

Bleeping Computer reports "Charming Kitten Hackers Use New 'NokNok' Malware for macOS"