Bex (@4n6bexaminer)'s Twitter Profile
Bex

@4n6bexaminer

Digital Forensics | Incident Response | Threat Hunting | @CuratedIntel Member. Thoughts are my own.

ID: 1245841316287672321

Link: https://au.linkedin.com/in/bex-nitert
Joined: 02-04-2020 22:32:23

1.1K Tweets

1.1K Followers

785 Following

Bex (@4n6bexaminer):

Really great technical write-up on the #macos #stealer malware I found ~2 wks ago. Even without much free time to analyse, I could see it was different from other common infostealers and thought it was worth sharing so awesome peeps like L0Psec could deep dive. Thx for the credit.

Bex (@4n6bexaminer):

Was slightly triggered that most Poseidon Stealer related things have been associated with Mythic Poseidon (the first option) on ThreatFox abuse.ch 😅 Can we just go back to thinking it's an AMOS variant? 😂

Bex (@4n6bexaminer):

#AtomicStealer has implemented a basic check for the user "run" to prevent analysis in Recorded Future / Hatching Triage 🤣 When executing as "run", rather than the password prompt, you are greeted with an endearing message from the devs: "idi nahui dolbaeb."

Bex (@4n6bexaminer):

Just a little bit over a year since the arrests associated with BulletProofLink (BPL). Shame it didn't result in any charges. This visualisation is of bitcoin transaction activity assoc. with wallet addresses I attributed to BPL with a high level of confidence. Not exhaustive.