Researchers at Kandji dug into a new stealer, using the command and control server domain appleprocesshub[.]com, first noticed by MalwareHunterTeam on Twitter (no, I will not call it X, nor will I link to anything there). Findings are both interesting and vague.
Author: thomasareed
Malware campaigns targeting Ledger users
Moonlock Lab outlined 4 different campaigns, all targeting users of the Mac version of Ledger Live, a cryptocurrency management app. Among other techniques described, they mentioned a newly-observed technique for phishing seed phrases.
Continue reading Malware campaigns targeting Ledger users
A look at a modern Python stealer
The folks over at Jamf found and analyzed a stealer built in Python, and compiled into a Mac app using PyInstaller. As they point out, it’s not new to see Mac malware using PyInstaller, but to their knowledge this is the first stealer to do so. Let’s take a look.
Continue reading A look at a modern Python stealer
Malicious npm packages infect Cursor AI
Kirill Boychenko revealed, on May 7, findings that showed several malicious npm packages targeting Mac developers. The malware was specifically targeting developers using the Cursor AI code editor, with the purpose of stealing Cursor credentials and modifying the Cursor app.
Continue reading Malicious npm packages infect Cursor AI
Mac stealer distributed via fake CAPTCHAs
In a very interesting article on BadByte, it was revealed that a malicious CAPTCHA had been spotted on a legitimate site that had been compromised. The CAPTCHA was designed to trick the user into actions that would infect the machine with Atomic Stealer. Worse, this campaign, dubbed MacReaper, was then tracked to around 2,800 other potentially compromised sites.
Continue reading Mac stealer distributed via fake CAPTCHAs
Banshee stealer updates
Kaspersky posted a summary of some high-level updates on Banshee back in January. Although it’s a bit light on specific details about behavior, there’s still some very interesting information there.
Continue reading Banshee stealer updates
Reboot!
This blog has languished without a clear purpose ever since I created it. I simply never had time to flesh it out. It’s time for that to change. Expect to see more articles here, starting now!
Continue reading Reboot!
Insecure iPhone in free fall
Last week, Alaska Airlines flight 1282 was forced to land after a “door plug” popped out of the plane. Fortunately, no one was injured, and the lack of tragedy has led to countless jokes about things like extreme exit row seating and the like.
One of the stories that has captured people’s attention is the finding of an iPhone that was sucked out of the plane and fell 16,000 feet to the ground. Twitter user SeanSafyre reported finding the phone. (If you, like me, prefer not to visit that hellsite, the post is also visible on Mastodon – an open-source alternative to Twitter – via a mirror of the SeanSafyre Twitter account.)
Continue reading Insecure iPhone in free fall
It’s not a virus
(If you don’t read that title in your head the same way Arnold Schwarzenegger said “it’s not a tumor” in Kindergarten Cop, I’d argue you need to rethink your life choices. 😉)
I have a non-functional hot tub that needs repair, which is a problem as my wife and I are preparing to sell our house. (Bear with me for a minute, I’m going somewhere with this.)
Continue reading It’s not a virus
macOS bugs are causing kext failures
Back in summer of 2018, customer support at Malwarebytes started seeing people with problems activating the kernel extension (kext) in Malwarebytes for Mac. This opened a can of worms that we’re still struggling with today… as soon as we think the worms are back in the can, we start finding new ones. Unfortunately, these worms all belong to macOS, and are affecting other kexts as well.
Continue reading macOS bugs are causing kext failures