How to remove the FlexibleFerret malware from your Mac
Written by Tomas Meskauskas on
What kind of malware is FlexibleFerret?
FlexibleFerret is a piece of malicious software belonging to a Mac malware family dubbed "Ferret". This group of programs is linked to North Korean threat actors. Ferret programs (including FlexibleFerret) have been spread through fake job interviews and software repositories.
FlexibleFerret malware overview
FlexibleFerret arrives on systems through an Apple installer package (PKG). This package contains two apps – "InstallerAlert.app" and "versus.app" – a postinstall.sh script in the parent folder, and a standalone binary called "zoom".
These components are used to advance the infection, establish persistence, and hide the malware from detection. Some of the components pretend to be legitimate parts of the operating system, and the application is signed with a valid Apple Developer signature and Team ID (both have been revoked as of the time of writing).
During the infection, victims can be presented with a decoy error message that imitates genuine ones. The "This file is damaged and cannot be opened" message is intended to deceive users into believing that the supposedly legitimate application failed installation.
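As an added example (not code from the original article or from any vendor named on it), the following Python triage script walks an expanded installer payload and flags the component layout described above: the two app bundles, the postinstall script, and a standalone Mach-O binary named "zoom". The directory tree it scans is constructed inline as a stand-in for a real payload; the function names and the rule requiring hits in all three categories are assumptions made for this example, not a published detection signature.

```python
import os
import tempfile
from pathlib import Path

# Component names come from the description of the FlexibleFerret package above.
# Mach-O magic values are the standard ones from <mach-o/loader.h> and <mach-o/fat.h>.
SUSPECT_APPS = {"InstallerAlert.app", "versus.app"}
SUSPECT_SCRIPTS = {"postinstall.sh", "postinstall"}
SUSPECT_BINARIES = {"zoom"}
MACHO_MAGICS = {
    b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe",  # MH_MAGIC / MH_CIGAM (32-bit)
    b"\xfe\xed\xfa\xcf", b"\xcf\xfa\xed\xfe",  # MH_MAGIC_64 / MH_CIGAM_64
    b"\xca\xfe\xba\xbe", b"\xbe\xba\xfe\xca",  # FAT_MAGIC / FAT_CIGAM (universal)
}


def is_macho(path):
    """True if the file begins with a Mach-O or fat/universal magic."""
    try:
        with open(path, "rb") as fh:
            return fh.read(4) in MACHO_MAGICS
    except OSError:
        return False


def triage_expanded_pkg(root):
    """Walk an expanded installer payload and collect indicators.

    Returns a dict with matched app bundles, install scripts and standalone
    Mach-O binaries (a "zoom" file that is NOT inside any .app bundle), each
    as a sorted list of paths relative to root.
    """
    root = Path(root)
    findings = {"apps": [], "scripts": [], "binaries": []}
    for dirpath, dirnames, filenames in os.walk(root):
        rel_dir = Path(dirpath).relative_to(root)
        for d in dirnames:  # .app bundles are directories
            if d in SUSPECT_APPS:
                findings["apps"].append(str(rel_dir / d))
        for f in filenames:
            rel = rel_dir / f
            inside_bundle = any(p.endswith(".app") for p in rel.parts)
            if f in SUSPECT_SCRIPTS:
                findings["scripts"].append(str(rel))
            elif f in SUSPECT_BINARIES and not inside_bundle and is_macho(Path(dirpath) / f):
                findings["binaries"].append(str(rel))
    for key in findings:
        findings[key].sort()
    return findings


def matches_layout(findings):
    """Heuristic (assumption for this example): require a hit in every category,
    since the described package pairs the apps with both the script and the binary."""
    return all(findings[k] for k in ("apps", "scripts", "binaries"))


def build_sample_payload(base):
    """Create a constructed directory tree mirroring the described layout.
    This is test scaffolding, not a real installer."""
    base = Path(base)
    for app in SUSPECT_APPS:
        (base / app / "Contents" / "MacOS").mkdir(parents=True)
        (base / app / "Contents" / "Info.plist").write_text("<plist/>\n")
    (base / "postinstall.sh").write_text("#!/bin/sh\n# constructed placeholder\n")
    # Standalone "binary": just the 64-bit little-endian Mach-O magic plus padding.
    (base / "zoom").write_bytes(b"\xcf\xfa\xed\xfe" + b"\x00" * 28)
    # A text file with the same name must not be flagged (no Mach-O magic).
    (base / "notes").mkdir()
    (base / "notes" / "zoom").write_text("not a binary\n")
    return base


def run_demo():
    """Build the constructed payload in a temp dir and triage it."""
    with tempfile.TemporaryDirectory() as tmp:
        return triage_expanded_pkg(build_sample_payload(tmp))


if __name__ == "__main__":
    result = run_demo()
    for category, paths in result.items():
        print(f"{category}: {paths}")
    print("layout match:", matches_layout(result))
```

On macOS the tree to scan can be produced from a flat package with `pkgutil --expand-full <file>.pkg <outdir>`, and the signing state the article mentions can be checked independently with `pkgutil --check-signature <file>.pkg` and `codesign -dvv <bundle>.app`; a revoked Developer ID shows up there as a failed or untrusted chain.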
InvisibleFerret is one of the programs within the Ferret family. It is noteworthy that the threat actors behind this malware group have also used OtterCookie in their attacks. It is probable that FlexibleFerret shares functionalities with InvisibleFerret, which include backdoor-type capabilities and data extraction/exfiltration. It is likewise possible that the motivations behind FlexibleFerret infections align with those associated with the OtterCookie campaigns.
It is pertinent to mention that malware developers often improve upon their software and methodologies. Therefore, potential future versions of FlexibleFerret may boast additional/different functions and features.
To summarize, the presence of high-risk malware on devices can lead to system infections, data loss, serious privacy issues, financial losses, and identity theft.
| Attribute | Details |
| --- | --- |
| Name | FlexibleFerret virus |
| Threat Type | Mac malware, Mac virus |
| Detection Names | Avast (MacOS:Agent-ASF [Trj]), Combo Cleaner (Trojan.Generic.37349949), ESET-NOD32 (A Variant Of OSX/PSW.Agent.DA), Fortinet (OSX/Agent.DA!tr.pws), Kaspersky (HEUR:Trojan-PSW.OSX.Agent.f), Full List Of Detections (VirusTotal) |
| Symptoms | Malware is designed to stealthily infiltrate the victim's device and remain silent, and thus no particular symptoms are clearly visible on an infected machine. |
| Distribution Methods | Infected email attachments, malicious online advertisements, social engineering, software 'cracks'. |
| Damage | Stolen passwords and banking information, identity theft, the victim's computer added to a botnet. |
| Malware Removal (Mac) | To eliminate possible malware infections, scan your Mac with legitimate antivirus software. Our security researchers recommend using Combo Cleaner. |
Mac-targeting malware examples
We have written about numerous malicious programs; LightSpy, Multiverze, PondRAT, TodoSwift, and Cthulhu are just a few of our articles on Mac-specific malware.
Software within this classification can be capable of various malicious activities; it can be highly versatile or designed for an incredibly narrow purpose. However, regardless of how malware operates – its presence on a system endangers device integrity and user safety. Therefore, all threats must be eliminated immediately upon detection.
How did FlexibleFerret infiltrate my computer?
As mentioned in the introduction, FlexibleFerret and other programs belonging to the Ferret family have been observed being distributed using two methods.
One uses job-interview-themed lures, wherein victims are deceived into communicating with fake interviewers. Cyber criminals then share links that lead to sites displaying errors which supposedly require installing software to resolve. Alternatively, victims can be asked to install software for a video interview; the apps may be presented as legitimate existing videoconferencing products.
The other method is spreading through repositories like GitHub. Victims can be lured into downloading/installing via deceptive repositories or comments providing instructions on resolving Mac issues.
However, FlexibleFerret could also be proliferated using other techniques. Phishing and social engineering are standard in malware distribution.
Widespread methods include: drive-by (stealthy/deceptive) downloads, suspicious download channels (e.g., freeware and free file-hosting sites, P2P sharing networks, etc.), online scams, malicious attachments or links in spam emails/messages, malvertising, pirated programs/media, illegal software activation tools ("cracks"), and fake updates.
Furthermore, some malicious programs can self-spread through local networks and removable storage devices (e.g., external hard drives, USB flash drives, etc.).
How to avoid installation of malware?
We highly recommend researching software and downloading it only from official/verified sources. Programs must be activated and updated using functions/tools provided by genuine developers, as illegal activation ("cracking") tools and third-party updates can contain malware.
Another recommendation is to be vigilant while browsing since the Internet is full of deceptive and dangerous content. Incoming emails and other messages must be approached with caution. Attachments or links present in dubious/irrelevant mail must not be opened, as they can be infectious.
It is paramount for device/user safety to have a reputable anti-virus installed and kept updated. Security software must be used to perform regular system scans and to remove threats and issues. If your computer is already infected, we recommend running a scan with Combo Cleaner Antivirus for macOS to automatically eliminate infiltrated malware.
Instant automatic Mac malware removal:
Manual threat removal might be a lengthy and complicated process that requires advanced IT skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of Mac malware. Download it by clicking the button below:
By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. To use the full-featured product, you have to purchase a license for Combo Cleaner. A limited seven-day free trial is available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com.
Potentially unwanted applications removal:
Remove potentially unwanted applications from your "Applications" folder:
Click the Finder icon. In the Finder window, select "Applications". In the Applications folder, look for "MPlayerX", "NicePlayer", or other suspicious applications and drag them to the Trash. After removing the potentially unwanted application(s) that cause online ads, scan your Mac for any remaining unwanted components.
Frequently Asked Questions (FAQ)
My computer is infected with FlexibleFerret malware, should I format my storage device to get rid of it?
No, malware removal rarely necessitates such drastic measures.
What are the biggest issues that FlexibleFerret malware can cause?
The dangers posed by an infection depend on the malware's capabilities and the cyber criminals' goals. Generally, high-risk infections can lead to data loss, severe privacy issues, financial losses, and identity theft.
What is the purpose of FlexibleFerret malware?
Profit is the primary motivation behind malware attacks. However, cyber criminals can also use malicious programs to amuse themselves, carry out personal vendettas, disrupt processes (e.g., websites, services, organizations, etc.), engage in hacktivism, and launch politically/geopolitically motivated attacks.
How did FlexibleFerret malware infiltrate my computer?
FlexibleFerret has been spread through fake job interviews (e.g., bogus videoconferencing app download/installation, etc.) and software repositories. Alternative methods are possible.
In general, malware is proliferated through online scams, spam mail, drive-by downloads, suspect download sources (e.g., unofficial and free file-hosting websites, P2P sharing networks, etc.), illegal software activation tools ("cracks"), and fake updates. Some malicious programs can even self-spread via local networks and removable storage devices.
Will Combo Cleaner protect me from malware?
Yes, Combo Cleaner is designed to scan devices and eliminate all kinds of threats. It is capable of detecting and removing most of the known malware infections. Remember that sophisticated malicious software tends to hide deep within systems – therefore, performing a complete system scan is crucial.