Researchers have identified a new scam targeting Mac users, where attackers lure victims to a fake job website. The scheme involves impersonating recruiters on LinkedIn, enticing individuals to apply for jobs that require them to record and upload a video introduction. Once on the fraudulent site, users are misled into downloading a supposed update for FFmpeg software. Instead of an update, this leads to the installation of a backdoor known as Flexible Ferret, linked to the Democratic People’s Republic of Korea. The attackers employ social engineering tactics, tricking users into believing they need to download this “update” after encountering a message claiming camera or microphone access is blocked. A curl command is provided for Terminal, which ultimately installs malware. Once the malware gains access, it creates a LaunchAgent to ensure persistence, allowing attackers consistent control over the infected Mac. The Flexible Ferret malware can collect device information, execute commands, and steal Chrome profile data, turning the compromised machine into a remote-controlled botnet. Although this campaign primarily targets Mac users, Windows users are also at risk from similar methods, with attackers utilizing the information stealer InvisibleFerret. To protect against these threats, users should keep their systems updated, avoid running unfamiliar code, and remain cautious about unsolicited communications. Verifying the authenticity of links and downloading attachments only from trusted sources is crucial for maintaining security.