After having 100+ CVEs with Apple, and working with their security team even before ASB was a thing, this below is simply not how things work in real life. Mistakes happen, and duplicates happen (I always got credit even for those) but ASB is still one of the best BB programs out there.
Interested in the evolution of how macOS security has improved over the years, related to logic vulnerabilities?
@theevilbit will be delivering a (virtual) talk on this topic at the University of Utah MacAdmins Meeting tomorrow, May 20th.
Want to virtually join and hear his talk? Event details here: https://t.co/HBxNAewUoZ
👉Use the site's "Contact Us" page to request a Zoom link to join.
While testing our ML detection models, we detected on a new cross-platform campaign we're tracking as SStar Agent.
Most of the Mach-O samples were sitting at zero detections on VirusTotal.
We have gone and analyzed the macOS and Windows variants.
https://t.co/QJc2l4j6kM
@officiallyiru @Declinee18
I will add that building ML models is acc rlly fun when u can take ur domain expertise and apply it to malware classification.
Here's a low detect macho backdoor we caught deployed via malicious npm package
https://t.co/GBK6y5Gp32
115 new detection rules. 6 CVEs credited to our researchers. And three threat trends that dominated the macOS landscape this past quarter.
Iru's latest quarterly "Threat Intelligence Report" is out. It covers:
- ClickFix social engineering going mainstream on macOS
- DPRK "Contagious Interview" campaigns targeting Mac developers
- Supply chain compromises hitting npm packages with 100M+ weekly downloads
- And more... including a preview of what's coming next
Read the full Threat Intelligence Report for the past quarter here: https://t.co/xObZWlxgqz
A new Go-based macOS RAT hiding inside an npm package has surfaced, called MiniRAT.
Here's our security research team's analysis & IOCs for MiniRAT: https://t.co/RiQRQEAvOH
a few found:
86b317d69086daf2bc58d3b79e71ce2778926254fdd78e0182baa4f7963e9b57
10a6f9fd32ad159e2e0730f7225356aa1546fabbfafd617608c151582444b379
97e2470561d21bdcd25d591d2e711cdf9ca4fd70f3fb848b341e44a6bdc08416
Did you know you can hunt using keywords from code insight on VT? Pretty cool way to hunt for potential undetected macOS malware ;)
here's one I did:
type:macho and (has:codeinsight AND (codeinsight:RAT codeinsight:backdoor) AND NOT tag:ios AND positives:1+) fs:3d+
Happy Hunt!
pivoting off regarding AMOS Stealer @Gi7w0rm https://t.co/YsNRLO1ZSY
we took a look at it too:
https://t.co/WWFRUeRlhR
and have created a VT collection on all the hunted IOCs:
https://t.co/JBGaYR7ueI
📢🍏 macOS is now part of the EDR Telemetry Project. After three months of focused work, we’re excited to share a new framework and generator for endpoint visibility on macOS!
Huge thank you to everyone who contributed and helped shape this release. Looking forward to what comes next.
Read more: https://t.co/qxDGMMsrlH
‼️ China's biggest cybersecurity company, Qihoo 360 (461M users), just leaked their own wildcard SSL private key inside the public installer for their new AI assistant "360 Security Claw."
The private key for *.myclaw.360.cn was bundled directly in the download package under /namiclaw/components/OpenClaw/openclaw.7z/credentials. The cert is valid until April 2027.
Attackers can now impersonate their servers, intercept user traffic, and forge login pages.
Fun fact: the founder promised the product would "never leak passwords."
MacSync Stealer via #ClickFix
Neural DSP Archetype John Mayer X WiN-MAC Plugin Crack.dmg
161a37e0933f9dd2f808b5c216552faf
Download IRCAM IRCAMAX 2 Max For Live Plugin Crack.dmg
424958e4a671caf356cae5df3d099f97
#MacSyncStealer #Stealer #MAC #IOC
Update: Here's the VT collection for DMG loader to Clickfix IOCs for distributing Macsync/Odyssey Stealer
https://t.co/7yfkFflejS
Blog:
https://t.co/KMjmc7QdIb
I mean cracked DMGs ain't uncommon, but it tries multiple different ways to grab next stage payloads....
1. through Macho
2. through script
3. Shiii "open browser <clickfix redirect>"
https://t.co/KMjmc7QdIb