Ferdous Saljooki (@malwarezoo)'s Twitter Profile
Ferdous Saljooki

@malwarezoo

macOS Threat and Detections Research @JamfSoftware Opinions are my own.

ID: 870794599085879298

Joined 03-06-2017 00:09:45

380 Tweets

636 Followers

414 Following

Phil Stokes ⫍🐠⫎ (@philofishal):


Nice of #BlueNoroff to play along with #MITRE evaluations coming up --> New Notarized DPRK #macOS malware, variant of SwiftBucket.
Drops at /Users/Shared/.secd or .hmacd.  
SHA1s >>
Elastic Security Labs (@elasticseclabs):

In this new article from DefSecSentinel, we explore just how easy it is to write detection rules for Elastic Security! Check out the detections we wrote for UltraEdit, which was surfaced by MalwareHunterTeam back in January: go.es.io/3wYg6TS

Jaron Bradley (@jbradley89):

We've released a blog post documenting two active infostealer attacks we're seeing against macOS. One that uses sponsored ads to route users to a fake download and one that poses as conferencing software. Check it out! jamf.com/blog/infosteal…

alden (@birchb0y):

my first blog post since starting at Huntress just dropped! 🔥 Stuart Ashenbrenner 🇺🇸 🇨🇦 and I take a look at the recently discovered macOS #LightSpy variant and highlight some of the major differences between it and the iOS version!🍎 huntress.com/blog/lightspy-…

Greg Lesnewich (@greglesnewich):

Stoked this LABScon talk is live! We explore Mach-O malware similarity 🧫🔬 and a whirlwind tour of the Big 3 DPRK crypt0 clusters 🇰🇵💰 We’ve added some additional “measures” (like entitlement hashing) and rumor has it some will be in YARA-X soon 👀 (cc jacob ☕🦆⌨️ )
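The "entitlement hashing" measure mentioned in the talk above, as an added example: this is not code from the LABScon talk, from YARA-X, or from any project in the thread. It walks an embedded code-signature SuperBlob (magic values from Apple's cs_blobs.h), pulls the XML entitlements blob out of slot 5, and hashes the sorted entitlement keys. The normalisation (sorted keys, newline-joined, SHA-256) and the magic-scan locator for raw Mach-O bytes are assumptions for illustration; a real parser would reach the SuperBlob through LC_CODE_SIGNATURE's dataoff/datasize. The SuperBlob used as input is constructed in the block.

```python
"""Entitlement hashing over a Mach-O code-signature SuperBlob (added example)."""
import hashlib
import plistlib
import struct
from typing import Optional

# Constants from Apple's cs_blobs.h (all fields are big-endian).
CSMAGIC_EMBEDDED_SIGNATURE = 0xFADE0CC0      # SuperBlob wrapping the signature
CSMAGIC_EMBEDDED_ENTITLEMENTS = 0xFADE7171   # XML-plist entitlements blob
CSSLOT_ENTITLEMENTS = 5                      # index slot holding that blob


def extract_entitlements_xml(superblob: bytes) -> Optional[bytes]:
    """Walk the SuperBlob index and return the raw entitlements plist, if present."""
    magic, length, count = struct.unpack_from(">III", superblob, 0)
    if magic != CSMAGIC_EMBEDDED_SIGNATURE or length > len(superblob):
        raise ValueError("not an embedded-signature SuperBlob")
    for i in range(count):
        slot, offset = struct.unpack_from(">II", superblob, 12 + 8 * i)
        if slot != CSSLOT_ENTITLEMENTS:
            continue
        blob_magic, blob_len = struct.unpack_from(">II", superblob, offset)
        if blob_magic != CSMAGIC_EMBEDDED_ENTITLEMENTS:
            raise ValueError("entitlements slot carries an unexpected blob magic")
        return superblob[offset + 8: offset + blob_len]   # skip the 8-byte blob header
    return None


def entitlement_keys(superblob: bytes) -> list:
    """Sorted entitlement keys; an unsigned/unentitled binary yields []."""
    xml = extract_entitlements_xml(superblob)
    if xml is None:
        return []
    return sorted(plistlib.loads(xml).keys())


def entitlement_hash(superblob: bytes) -> str:
    """Assumed normalisation: SHA-256 over the sorted keys joined by newlines,
    so key order in the plist does not change the hash."""
    return hashlib.sha256("\n".join(entitlement_keys(superblob)).encode()).hexdigest()


def find_superblob(data: bytes) -> Optional[bytes]:
    """Heuristic locator (assumption): scan raw Mach-O bytes for the SuperBlob magic.
    The proper route is the LC_CODE_SIGNATURE load command."""
    idx = data.find(struct.pack(">I", CSMAGIC_EMBEDDED_SIGNATURE))
    if idx < 0:
        return None
    _, length, _ = struct.unpack_from(">III", data, idx)
    return data[idx: idx + length]


def build_superblob(entitlements: dict) -> bytes:
    """Constructed input: a minimal SuperBlob holding only an entitlements slot."""
    xml = plistlib.dumps(entitlements, fmt=plistlib.FMT_XML)
    blob = struct.pack(">II", CSMAGIC_EMBEDDED_ENTITLEMENTS, 8 + len(xml)) + xml
    header_len = 12 + 8                          # SuperBlob header + one index entry
    index = struct.pack(">II", CSSLOT_ENTITLEMENTS, header_len)
    total = header_len + len(blob)
    return struct.pack(">III", CSMAGIC_EMBEDDED_SIGNATURE, total, 1) + index + blob


if __name__ == "__main__":
    sample = build_superblob({
        "com.apple.security.cs.disable-library-validation": True,
        "com.apple.security.get-task-allow": True,
    })
    print(entitlement_keys(sample))
    print(entitlement_hash(sample))
```

Two samples that carry the same entitlements in a different plist order hash identically, which is the property that makes the measure useful for clustering; a binary with no entitlements blob hashes the empty string rather than raising.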

Patrick Wardle (@patrickwardle):

MalwareHunterTeam Thanks for the @ 🥰🙏🏽 Appears to be a native build of the DPRK's "BeaverTail" (previously distributed via JS, and analyzed by Palo Alto Networks) Just posted my analysis: objective-see.org/blog/blog_0x7A…

Objective-See Foundation (@objective_see):

#OBTS v7 talks have been announced: objectivebythesea.org/v7/talks.html 🤗 With over 20 talks (from many of the world's top researchers), covering macOS/iOS bugs & exploits, malware, internals, tools, and much more, this is a can't miss event! Which talks are you most excited about?

Ferdous Saljooki (@malwarezoo):

Our latest research details a Gatekeeper bug we reported to Apple that affects Launch Services. While exploring this issue, we also found ways to bypass Gatekeeper using “The Unarchiver”, a popular archiving application on macOS. Check out our blog: jamf.com/blog/gatekeepe…

Jaron Bradley (@jbradley89):

The FBI recently sent a warning out regarding DPRK activity against the crypto industry. Today, we documented attacks we've seen on macOS. Attacks start with social engineering and deliver a piece of malware that we call ThiefBucket. jamf.com/blog/jamf-thre… #malware

Mohamed Ashraf (@x__junior):

MalwareHunterTeam Patrick Wardle Florian Roth it's rustbuck, related pdf 743bd4c36afdcfaff4508fd613a4f4eee71d2e0bc5a31deb1c170d1039c953ae, found in hxxps://filedn.com/lY24cv0IfefboNEIN0I9gqR/, old xor key as in jamf.com/blog/bluenorof…, decrypted pdf 37e6d18ba339b3efa5dd26e143af8bbeb8eefabbc4cfab72e6150e3bc3290b31

DefSecSentinel (@defsecsentinel):

Karlo Zanki ReversingLabs beat me to it with a great write-up, referenced in the blog, but I found this #DPRK lure and its Python initial access implementation very interesting so I decided to do a technical deep dive write-up while looking more at why Python is so attractive