Stuart Ashenbrenner 🇺🇸 🇨🇦 (@stuartjash)'s Twitter Profile
Stuart Ashenbrenner 🇺🇸 🇨🇦

@stuartjash

Principal macOS Security Researcher at @HuntressLabs | Creator of @Crash_Security | Reviewer at @bestthrillbooks | @MillennialGirlDad on @SubstackInc

ID: 712111281558331394

Joined 22-03-2016 02:58:54

7.7K Tweets

1.1K Followers

1.1K Following

Jonny Johnson (@jsecurity101)

It's an end to an era 🤣. I have finally put "jsecurity101" to bed on all platforms. You can find my blog and github via: Github: github.com/jonny-jhnson Medium: jonny-johnson.medium.com

L0Psec (@l0psec)

New RE Video: youtube.com/watch?v=3imRXE… In this video, I analyze a recent DPRK-attributed Mach-O. Not a complicated sample, however it does highlight some strange function calling which may interfere with static analysis. Enjoy! :)

Raaz (@solostalking)

Found multiple #Clickfix domains connecting to odyssey1[.]to:3333 AMOS Malware

45[.]144[.]233[.]192
83[.]222[.]190[.]250
185[.]39[.]206[.]183
appmacosx[.]com
financementure[.]com
appsmacosx[.]com
macosxapp[.]com
macosapp-apple[.]com
macapps-apple[.]com
macapp-apple[.]com
republicasiamedia[.]com

Who said what? (@g0njxa)

A Spanish 🇪🇸 individual and macOS user just lost over $62k in cryptocurrencies after being targeted by traffer scammers making them download an AMOS build from an already flagged fake project @VidoriumApp, in a timeframe of ~2 hours.
Sample from site available here:

Jaron Bradley (@jbradley89)

My next book is open for pre-orders!!! I have included the first two chapters in audiobook form for free. You can listen to them now on my website or you can listen and read the sample on Apple Books. Looking forward to getting it into your hands. themittenmac.com/threat-hunting…

BleepingComputer (@bleepincomputer)

North Korean hackers deepfake execs in Zoom call to spread Mac malware - Bill Toulas bleepingcomputer.com/news/security/…

Objective-See Foundation (@objective_see)

Not only is Huntress a generous supporter of our Foundation, they also consistently publish top-notch research on emerging macOS threats 🤩 Their latest (by alden & Stuart Ashenbrenner 🇺🇸 🇨🇦): "Feeling Blue(Noroff): Inside a Sophisticated DPRK Web3 Intrusion": huntress.com/blog/inside-bl…

Validin (@validinllc)

Hot on the heels of the research published by Huntress, hunting for Zoom-themed lures from DPRK's #BlueNoroff
💥 Learn hunting techniques
💥 Leverage new Validin features and data
💥 Full, unredacted indicator list (domains, IPs, hashes)
validin.com/blog/zooming_t…

Huntress (@huntresslabs)

BlueNoroff (TA444) just dropped one of the most sophisticated macOS intrusions we’ve seen—deepfakes, fake Zoom links, and custom implants written in Nim, Go, Swift, and Obj-C. Here’s what our team uncovered 🧵👇 huntress.com/blog/inside-bl…

Huntress (@huntresslabs)

Initial access started with social engineering:
 📱 Telegram DM
 📆 Fake Calendly invite
 🎭 Deepfake Zoom call
 🧵 “The threat actor impersonated senior leadership and convinced the victim to install a malicious Zoom extension.” —Stuart Ashenbrenner 🇺🇸 🇨🇦

Patrick Wardle (@patrickwardle)

⏳ Just one week left to submit your talk to #OBTS v8 objectivebythesea.org/v8/cfp.html (CFP closes June 30th). We’ve expanded to 3 days of talks this year, making room for even more cutting-edge research + first-time speakers. So submit your Apple security-themed proposal today!

Thijs Xhaflaire (@txhaflaire)

Related to the write-up that Moonlock Lab published recently.

Another handful of stealers that are fully code signed and notarized.

IOCs (DMGs)
- 672f9b63a2c00a1376ab22589c05d8f7aef19a1dfc50cc6ea66d75aa741793d6
- b62dc580707d0d968c7070a05b04ca7ec61d5ad14333df1c4f327f3c0e6ed3fb
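
An added example, not code from either of the two IOC posts above nor from Huntress, Jamf or Moonlock Lab: a small Python matcher that refangs the network indicators from the AMOS/Clickfix post and the DMG hashes from this post, then runs them over a few lines of constructed endpoint telemetry. The indicator text is copied from the posts but deliberately defanged in a couple of different styles (including the partial "[." form) so the refang routine has to cope with all of them; the log format, hostnames, timestamps and the benign Apple traffic are hypothetical, built only so the example runs offline.

```python
"""Refang posted IOCs and hunt for them in connection, DNS and file-download telemetry."""
import re
from dataclasses import dataclass, field

# Constructed from the two posts above; defanging styles intentionally mixed.
RAW_IOCS = """
# AMOS / Clickfix infrastructure
odyssey1[.]to:3333
45[.144.233.192
83[.]222[.]190[.]250
185.39.206.183
appmacosx[.com
financementure[.]com
appsmacosx(.)com
macosxapp[.]com
macosapp-apple[.]com
macapps-apple[.]com
macapp-apple[.]com
republicasiamedia[.]com
# signed + notarized stealer DMGs (SHA-256)
- 672f9b63a2c00a1376ab22589c05d8f7aef19a1dfc50cc6ea66d75aa741793d6
- b62dc580707d0d968c7070a05b04ca7ec61d5ad14333df1c4f327f3c0e6ed3fb
"""

# Constructed sample telemetry in a hypothetical key=value format (not any vendor's schema).
SAMPLE_LOG = """\
2025-06-24T10:01:02Z dns host=mac01 qname=appmacosx.com
2025-06-24T10:01:05Z conn host=mac01 dst=45.144.233.192:443 proc=osascript
2025-06-24T10:01:06Z conn host=mac01 dst=odyssey1.to:3333 proc=osascript
2025-06-24T10:02:00Z dns host=mac02 qname=www.apple.com
2025-06-24T10:02:30Z conn host=mac02 dst=17.253.144.10:443 proc=nsurlsessiond
2025-06-24T10:03:00Z dns host=mac03 qname=CDN.macosxapp.com.
2025-06-24T10:03:10Z file host=mac03 path=/Users/x/Downloads/App.dmg sha256=B62DC580707D0D968C7070A05B04CA7EC61D5AD14333DF1C4F327F3C0E6ED3FB
2025-06-24T10:04:00Z dns host=mac04 qname=notappmacosx.com
"""

DEFANG_RE = re.compile(r"\[\.\]?|\(\.\)|\{\.\}|\[dot\]|\(dot\)", re.I)  # "[.]", "[.", "(.)", "{.}", "[dot]"
IPV4_RE = re.compile(r"^(?:\d{1,3}\.){3}\d{1,3}$")
SHA256_RE = re.compile(r"^[0-9a-f]{64}$")
FIELD_RE = re.compile(r"\b(qname|dst|sha256)=(\S+)")


def refang(ioc: str) -> str:
    """Turn a defanged indicator back into a lower-cased, matchable form."""
    ioc = DEFANG_RE.sub(".", ioc.strip())
    ioc = re.sub(r"^hxxp", "http", ioc, flags=re.I)
    return ioc.lower().rstrip(".")


@dataclass
class IocSet:
    ips: set = field(default_factory=set)
    domains: set = field(default_factory=set)
    endpoints: set = field(default_factory=set)  # host:port pairs such as the C2 on odyssey1.to:3333
    hashes: set = field(default_factory=set)


def load_iocs(text: str) -> IocSet:
    """Parse a pasted indicator list: comments and list dashes are ignored, types are inferred."""
    s = IocSet()
    for raw in text.splitlines():
        line = raw.strip().lstrip("-").strip()
        if not line or line.startswith("#"):
            continue
        ioc = refang(line)
        host, _, port = ioc.rpartition(":")
        if host and port.isdigit():
            s.endpoints.add(ioc)
            ioc = host  # keep the bare host too, so connections on other ports still match
        if SHA256_RE.match(ioc):
            s.hashes.add(ioc)
        elif IPV4_RE.match(ioc):
            s.ips.add(ioc)
        else:
            s.domains.add(ioc)
    return s


def domain_matches(name: str, domains: set) -> bool:
    """Exact or subdomain match: cdn.macosxapp.com hits macosxapp.com, notappmacosx.com does not."""
    return name in domains or any(name.endswith("." + d) for d in domains)


def hunt(log_text: str, iocs: IocSet) -> list:
    """Return (line_no, indicator, kind) for every log line that touches a listed indicator."""
    hits = []
    for n, line in enumerate(log_text.splitlines(), 1):
        for key, value in FIELD_RE.findall(line):
            value = value.lower().rstrip(".")  # normalise case and trailing-dot FQDNs
            if key == "sha256":
                if value in iocs.hashes:
                    hits.append((n, value, "hash"))
                continue
            host, _, port = value.rpartition(":")
            if host and port.isdigit():
                if f"{host}:{port}" in iocs.endpoints:
                    hits.append((n, f"{host}:{port}", "c2 endpoint"))
                    continue
            else:
                host = value
            if host in iocs.ips:
                hits.append((n, host, "ip"))
            elif domain_matches(host, iocs.domains):
                hits.append((n, host, "domain"))
    return hits


if __name__ == "__main__":
    for line_no, indicator, kind in hunt(SAMPLE_LOG, load_iocs(RAW_IOCS)):
        print(f"line {line_no}: {kind} match on {indicator}")
```

The suffix test in `domain_matches` is what keeps the look-alike `notappmacosx.com` from firing while still catching a subdomain of a listed domain; the bare-host fallback in `load_iocs` means a connection to the C2 host on a port other than 3333 is still reported as a domain hit rather than missed.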

Herbie Zimmerman (@herbiezimmerman)

The Huntress US SOC is looking for some analysts. So if anyone is looking for a role that can be challenging, has malware to play with, and the chance to learn and grow from some awesome people, then take a look at the roles here: lnkd.in/g2aN3hNk.

Thijs Xhaflaire (@txhaflaire)

Jamf Threat Labs uncovered a new variant of the Odyssey Infostealer — signed and notarized at the time of discovery. This variant includes backdoor functionality and techniques that align with recent Atomic Stealer research by Moonlock Lab. More here: jamf.com/blog/signed-an…

alden (@birchb0y)

I'm so pumped to be talking through some fun north korean malware with Stuart Ashenbrenner 🇺🇸 🇨🇦 at #OBTS v8 🤠 it's truly a goated lineup and i'm very humbled to be speaking alongside so many sick researchers (also dw i will be dressed up in a blues clues onesie for the talk)

Stuart Ashenbrenner 🇺🇸 🇨🇦 (@stuartjash)

So stoked to be speaking alongside alden at #OBTS v8 this year. The caliber of speakers on this dais is stellar. Can't wait to hang out in Spain with the Mac security community. Don't miss our Blue's Clues themed talk - featuring Steve and Blue 🐾

tsunekoh (@tsunek0h)

My presentation “XUnprotect: Reverse Engineering macOS XProtect Remediator” at #BHUSA wrapped up yesterday. Thank you so much to everyone who attended. For those who couldn’t make it to #BHUSA, I’ll be sharing the key points from my research in this thread. (1/22)

Patrick Wardle (@patrickwardle)

With "The Art of Mac Malware" Vol II now out, I’ve integrated its content into my #OBTS training: "The Art of Mac Malware: Detection & Analysis" 🍎🐛🔬 So if you want to learn the tools & techniques to uncover & analyze the latest macOS threats, sign up! objectivebythesea.org/v8/taomm.html