@TaiwanSpecial What a cringey political post… we call it the Chinese New Year in Singapore. Only self-hating Chinese like you care so much about the "Chinese" element in it.
Grateful for the amazing shots from the AI x Web3 Panel during Token2049~
Big thanks to Google Cloud for the speaker invitation, and to everyone who made the session both insightful and dynamic.
The "chokepoint" value of monopoly distributors:
Binance went down with an issue, and Twitter was filled with curses for an entire month;
Cloudflare, as an internet content CDN distributor, went down tonight; half the internet is paralyzed, and there's nowhere to vent the complaints. 😓
Another failed crypto wallet stealer attack!
Received a @CoinDeskPodcast invitation from @shaolacoin, but it required me to install video call software from "kakaohub".com.
😂 I am pretty sure I will lose my private key right after I install it.
Another day, another failed crypto wallet stealer attack. This one by @shaolacoin, who has 23k followers, including a lot of matching followers! (It may really be him, or he may have been hacked; I have no idea who he is.)
They arrange to meet up with you for an online podcast by CoinDesk or whatever. They get you to join a semi-professional-looking site like "https://t.co/KCX1rxtlDU" to download a link that will certainly scrape your local user for private keys. I went in fully assuming it, to analyze the payload.
I studied the payload to understand specifically what it's doing so it's no longer a mystery when people try to do this to you!
File Hashes for Threat Intelligence:
- filename: https://t.co/oN9YG4fa7O
- SHA256: a146b697e6208a1592cc91bad671bf9752c67201f12f666cb0dd3b4023e2959d
- MD5: 1c55c1ab564c59c45ea6c00470be9a83
Security Analysis Summary: KakaoSetup Malware
Overview
This is a malicious macOS application masquerading as "KakaoSetup," potentially impersonating the legitimate KakaoTalk messaging application installer.
Key Malicious Indicators
1. Command & Control Communication
- Connects to suspicious domain: https://t.co/DVjE1a9EX7
- Makes HTTP requests to endpoints:
- https://t.co/JtuzrjLfnw
- https://t.co/2Qcieiw8jt
- Configured to bypass TLS security (allows insecure HTTP, disabled forward secrecy)
- Uses API key authentication in headers
2. Remote Code Execution Capability
- Downloads AppleScript code from C2 server
- Saves downloaded script to /tmp/test.scpt
- Executes the script using /usr/bin/osascript
- Creates a ZIP file at /tmp/osalogging.zip (likely for data exfiltration)
3. Technical Details
- Bundle ID: com.utils.KakaoSetup
- Binary: Universal binary (x86_64 and ARM64) - targets both Intel and Apple Silicon Macs
- Code Signing: Ad-hoc signed (no valid developer certificate)
- Size: ~136KB executable
- Minimum OS: macOS 10.15 (Catalina)
4. Attack Chain
1. User executes the app thinking it's KakaoTalk installer
2. App contacts C2 (Command-and-Control) server at
3. Downloads malicious AppleScript payload
4. Executes downloaded script with osascript
5. Likely collects system/user data and packages it
6. Potentially exfiltrates data back to C2 server
5. Evasion Techniques
- Uses legitimate system tools (osascript) for execution
- Downloads payload dynamically (not embedded in binary)
- Uses generic app name to appear legitimate
- Ad-hoc signed to avoid unsigned app warnings
From the user's perspective:
- Double-click the app thinking it's KakaoTalk installer
- Nothing visible happens (or maybe a brief dock bounce)
- App silently downloads and executes malicious code in background
- User might think the installer failed or is broken
- Meanwhile, malware has already compromised the system
Lastly, I sent a link to the would-be hackers (I'm so confused!) and logged their IPs and hardware:
185.245.106.69 (Telegram on iPhone)
- Location: Amsterdam, Netherlands
- Network: VDSINA (185.245.106.0/24 range)
- Organization: SERVERS TECH FZCO (hosting/VPS provider)
- Type: Data center/hosting infrastructure
- Registration: August 2024
146.19.190.19 (Windows PC)
- Location: Netherlands
- Network: 146.19.189.0/24 range
- Organization: ORG-PIB6-RIPE (netname: NL-PROVIZOIP-20211117)
- Type: Likely hosting/VPS infrastructure (based on naming)
- Registration: November 2023
If you are a white hat hacker or security researcher and want access to the zipped malware I will link to it here. Only unzip it in a virtual machine:
https://t.co/tc0F5pmyz5
Stay safe out there and don't download any "updates" on calls with strangers (or old friends)! Only download updates straight from the source.
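A detection-side sketch of the chain described in the analysis above, added here as an example (it is not from the original thread or the analyst's tooling): it replays constructed process and file events in an assumed EDR-like NDJSON shape and flags the known sample hash/bundle ID, osascript loading a script from a temp directory, and that osascript process then writing a ZIP archive into /tmp.

```python
import json

# Indicators quoted from the analysis above (hash and bundle ID of the sample).
KNOWN_SHA256 = {"a146b697e6208a1592cc91bad671bf9752c67201f12f666cb0dd3b4023e2959d"}
KNOWN_BUNDLE_IDS = {"com.utils.KakaoSetup"}
TEMP_DIRS = ("/tmp/", "/private/tmp/", "/var/folders/")

# Constructed telemetry in an assumed EDR-like NDJSON shape; not real captures.
SAMPLE_EVENTS = """\
{"ts": 100, "type": "exec", "pid": 612, "ppid": 1, "path": "/Users/alice/Downloads/KakaoSetup.app/Contents/MacOS/KakaoSetup", "bundle_id": "com.utils.KakaoSetup", "sha256": "a146b697e6208a1592cc91bad671bf9752c67201f12f666cb0dd3b4023e2959d"}
{"ts": 101, "type": "file_write", "pid": 612, "path": "/tmp/test.scpt"}
{"ts": 102, "type": "exec", "pid": 613, "ppid": 612, "path": "/usr/bin/osascript", "args": ["/usr/bin/osascript", "/tmp/test.scpt"]}
{"ts": 110, "type": "file_write", "pid": 613, "path": "/tmp/osalogging.zip"}
{"ts": 200, "type": "exec", "pid": 700, "ppid": 1, "path": "/usr/bin/osascript", "args": ["/usr/bin/osascript", "/Users/alice/Scripts/backup.scpt"]}
{"ts": 201, "type": "file_write", "pid": 700, "path": "/Users/alice/Scripts/report.txt"}
"""

def in_temp(path):
    return path.startswith(TEMP_DIRS)

def analyze(ndjson):
    """Return (rule, pid, detail) tuples for events matching the described chain."""
    alerts = []
    tmp_osascript = set()  # pids of osascript runs that loaded a script from a temp dir
    for line in ndjson.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        pid = ev["pid"]
        if ev["type"] == "exec":
            if ev.get("sha256") in KNOWN_SHA256 or ev.get("bundle_id") in KNOWN_BUNDLE_IDS:
                alerts.append(("known_sample", pid, ev["path"]))
            # Legitimate automation rarely runs scripts dropped into /tmp.
            if ev["path"].endswith("/osascript") and any(in_temp(a) for a in ev.get("args", [])[1:]):
                tmp_osascript.add(pid)
                alerts.append(("osascript_from_tmp", pid, " ".join(ev["args"])))
        elif ev["type"] == "file_write":
            # A flagged osascript writing an archive into a temp dir looks like exfil staging.
            if pid in tmp_osascript and in_temp(ev["path"]) and ev["path"].endswith(".zip"):
                alerts.append(("staging_archive", pid, ev["path"]))
    return alerts

if __name__ == "__main__":
    for rule, pid, detail in analyze(SAMPLE_EVENTS):
        print(f"{rule:<20} pid={pid} {detail}")
```

The benign osascript run (pid 700, script under the user's home directory) produces no alert, so the rule keys on the temp-directory staging rather than on osascript itself.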
@firefliesai’s early days were 🙃 wild.
There were actually humans secretly listening in and typing everything out.
And now you can just make a prototype using AI within a day.
The college paradox:
School feels easier as students lean on ChatGPT, but jobs are harder to get as firms cut entry-level roles.
The same AI tech that helps you pass classes can make you replaceable🙃
Excited to be invited by @CoinDesk for a podcast!
Honestly, I am a bit tired of the same AI x Web3 narratives such as X402, trading bots, etc.
I'd rather talk about the other side of AI in Web3 so we can spread innovation more evenly and build real products. Any ideas?
#letsconnect #innovationthroughcode
Detect token risks before everyone else
Our new AI token analysis V2 just dropped👇
1️⃣ Smarter detection for scam & rug-pull risks
2️⃣ AI reads contract code like real devs — catches what rules miss
3️⃣ 30 free scans per user, every day
Try it now at 🔗 https://t.co/4q1HTNbaMx
#AI #tokenization #SmartContracts #Scamcoin #honeypot #CryptoScam #CryptoMarket #RugPull
@0xcoconutt Interesting insight, but I believe AI products will evolve and help users to explore and discover new ideas/products if serendipity and whimsy are valued by shoppers