Beyond Beacon

Malicious OpenClaw Skills Used to Distribute Atomic MacOS Stealer - https://t.co/khCC7C7Btl Key takeaways - Atomic (AMOS) Stealer has evolved from being distributed via cracked software to a more sophisticated supply chain attack that manipulates AI agentic workflows on platforms like OpenClaw. - Malicious instructions hidden in https://t.co/7p85lRkme7 files exploit AI agents as trusted intermediaries that present fake setup requirements to unsuspecting users. A deceptive human-in-the-loop dialogue box pops up to trick the user into manually entering their password to facilitate the infection. - The campaign spans multiple repositories with threat actors uploading hundreds of malicious skills to ClawHub and SkillsMP. - This AMOS variant lacks system persistence and ignores .env files but expands its reach by exfiltrating Apple and KeePass keychains alongside various user documents.

🦔 Security researchers discovered the first Android malware that uses AI to help it survive on your phone. The malware, called PromptSpy, sends Google's Gemini model a screenshot of your screen and asks it how to lock itself into your recent apps so Android won't kill it. It loops through this until Gemini confirms success. Beyond the AI trick, it's full-featured spyware. Remote access, intercepting your lockscreen PIN, recording your unlock pattern as video, capturing screenshots, and tracking what apps you're using. To block removal, it overlays invisible buttons over "uninstall" so tapping them does nothing. My Take This is where malware is headed. Traditional malware relies on hardcoded scripts that break when devices differ. Using an AI to look at the screen and figure out what to do next makes malware adaptable in ways that used to require much more sophisticated programming. The AI isn't writing the malicious code, it's just helping the malware navigate your phone, but that's enough to make it way more reliable across different devices. I don't think Google is liable here since Gemini has no idea it's helping malware. But as AI gets embedded into more attack chains, these companies will face pressure to detect and block malicious patterns. Whether that's possible without breaking legitimate uses is an open question. For now, be careful what you install, and if an app asks for Accessibility permissions and you don't know exactly why it needs them, don't grant it. Hedgie🤗

Clawd disaster incoming if this trend of hosting ClawdBot on VPS instances keeps up, along with people not reading the docs and opening ports with zero auth... I'm scared we're gonna have a massive credentials breach soon and it can be huge This is just a basic scan of instances hosting clawdbot with open gateway ports and a lot of them have 0 auth

adminless RDP. pure powershell. fully undetected. yes it's 3 am yes this took all day but I isolated exactly WHY defender flags screen capture no obfuscation full video + research files dropping? its pretty cool i finally did it run this on your target live screen preview, full keyboard and mouse control doesnt need admin or trigger defender FULLY UNDETECTABLE and you'd be genuinely shocked what the little thing was that usually catches it

🛡️ MEDUSA Security Testing Tool With 74 Scanners and 180+ AI Agent Security Rules Source: https://t.co/1vrCecMXqW MEDUSA, an AI-first Static Application Security Testing (SAST) tool boasting 74 specialized scanners and over 180 AI agent security rules. This open-source CLI scanner targets modern development challenges like false positives and multi-language coverage. MEDUSA consolidates security scanning across 42+ languages and file types, including Python, JavaScript, Go, Rust, Java, Dockerfiles, Terraform, and Kubernetes manifests. The tool includes 180+ rules tailored for agentic AI, covering OWASP LLM Top 10 2025 risks like prompt injection, tool poisoning, and RAG poisoning. #cybersecurityNews

Attackers don’t need stolen certificates. They only need 8 bytes. By flipping 4 bytes in the PE checksum and 4 in the certificate padding, they generate 2⁶⁴ unique driver hashes while keeping Microsoft’s digital signature valid. Why it matters: - Those 8 bytes sit outside the region Windows verifies. - Every variant looks “signed and trusted.” - Hash-based blocking becomes useless overnight. That’s how TrueSightKiller evolved into 2,500+ signed variants. All trusted by Windows, all capable of killing EDRs in seconds. Check out: https://t.co/8ldbtHVJBa