"They're asking users to do the work for them," Microsoft warned, describing an evolving trick that leverages human trust rather than software flaws. The result, the company says, is a low-cost, hard-to-patch operation that targets Apple and macOS users’ credentials and cryptocurrency through social engineering and a counterfeit Zoom update.
What the campaign does — and who it targets
Microsoft reported that North Korean criminals are attempting to steal Apple users’ credentials and cryptocurrency. The attackers combine social engineering with a fake Zoom software update to convince victims to manually run malware on their own computers, according to Microsoft.
Why social engineering is attractive to attackers
Microsoft characterized the approach as "low-cost, hard to patch, and scales well." Those attributes explain why criminals would favor social engineering over purely technical exploits: if victims can be persuaded to install a malicious update themselves, the attackers bypass many defenses and avoid the need to exploit software vulnerabilities directly.
Implications for different audiences
- Technologists: The tactic reduces the immediate value of patching alone; defenses must include user-facing controls and improved software-update verification.
- Policymakers and defenders: The scale and low cost described by Microsoft suggest campaigns can be persistent and widespread, influencing where to prioritize detection and public guidance.
- Users: Apple and macOS users are called out as the target, and the vector — a convincing fake Zoom update — underscores the ongoing need for skepticism about unsolicited prompts to install or run software.
- Adversaries: For perpetrators, social engineering that induces manual execution of malware offers a resilient model that shifts effort onto the victim and blunts some technical countermeasures.
What this means going forward
Microsoft’s account frames the operation as a human-focused threat that targets credentials and cryptocurrency by tricking people into running malware. That combination — a well-known application update as the lure, social engineering as the method, and valuable digital assets as the prize — presents a clear, repeatable playbook for attackers. If it's "low-cost, hard to patch, and scales well," then the primary defenses will need to be human-centric as well: education, strong verification of update channels, and vigilant credential and asset protection.
How many more users will be asked to "click to update" before the lesson is learned? Read the original Microsoft account here: https://go.theregister.com/feed/www.theregister.com/2026/04/16/north_korea_social_engineering_macos/




