Tara 👽 (@tarag0uld) 's Twitter Profile
Tara 👽

@tarag0uld

ID: 18138736

15-12-2008 15:47:27

50 Tweet

93 Followers

293 Following

MhicRoibin (@mhicroibin) 's Twitter Profile Photo

Good morning San Francisco! All those at #BSidesSF please join talks from Nicole && Avigayil Mechtinger with myself! It will be a good time! 1:30pm today && 1:30pm tomorrow.

MhicRoibin (@mhicroibin) 's Twitter Profile Photo

Interesting wee file we found back in March, turned out to be one part of a bigger modular malware framework. This is what we know so far. I hope someone out there has the other pieces of the jigsaw puzzle. 🤔 Have a wee gander hai! #malware #Linux intezer.com/blog/research/…

MhicRoibin (@mhicroibin) 's Twitter Profile Photo

What's Happenin? Wile chuffed to say that I will be speaking at BSides Belfast this year. I went to my first BSides Belfast in 2017 and am finally going to speak at it. Hope to see everyone there and bump into old friends. Big thanks to my co-author Nicole!

MhicRoibin (@mhicroibin) 's Twitter Profile Photo

people often talk about the malware that they find on virustotal. But seldom do they share the love letter executables 💔💔💔💔💔💔💔💔💔 Let's share one from Brazil 🇧🇷 [1/7] 🧵

MhicRoibin (@mhicroibin) 's Twitter Profile Photo

In a recent blog documenting Handala, I really enjoyed one of the stages of the malware chain. A Delphi file stitches together different files to build an AutoIt interpreter and an obfuscated AutoIt script. Let’s take a deeper look at the obfuscated script…[1/16]

Cado (@cadosecurity) 's Twitter Profile Photo

Recently, Cado Security has identified a malware-as-a-service (MaaS) targeting macOS users named “Cthulhu Stealer”. This blog will explore the functionality of this malware and provide insight into how its operators carry out their activities: hubs.li/Q02LZ0sm0

L0Psec (@l0psec) 's Twitter Profile Photo

New macOS Malware video going over Golang strings in arm64 using the Cthulhu Stealer. Go strings are structs and are not null terminated so tools have difficulty parsing them. Understanding how they work from a disassembly perspective helps. :) youtube.com/watch?v=gEGfRy…

The Hacker News (@thehackersnews) 's Twitter Profile Photo

🔥 Selenium Grid Targeted for Crypto Mining! Default no-auth settings make it a prime target for attackers injecting crypto miners and proxyjacking scripts. Learn more: thehackernews.com/2024/09/expose… Lock it down now!

Cado (@cadosecurity) 's Twitter Profile Photo

Cado Security Labs recently discovered a GuLoader campaign targeting European industrial and engineering companies. Read the full research blog here: hubs.li/Q02XfX1f0

Cado (@cadosecurity) 's Twitter Profile Photo

Cado Security Labs has discovered a new malware campaign targeting Web3 workers with a sophisticated scam using AI-generated content to appear legitimate. Read more in our latest blog post: hubs.li/Q02-8cBd0

Virus Bulletin (@virusbtn) 's Twitter Profile Photo

Cado Security Labs researchers have identified a scam targeting people who work in Web3. The Meetio campaign includes the Realst infostealer, which has both macOS and Windows variants, and has been active for around four months. cadosecurity.com/blog/meeten-ma…

Cado (@cadosecurity) 's Twitter Profile Photo

Cado Security Labs has identified a malware campaign targeting the Royal Thai Police. Attributed to the Chinese APT group Mustang Panda, this campaign uses decoy documents and shortcut files to deliver Yokai backdoor. Read the full blog post here: hubs.li/Q038bs5y0

Cado (@cadosecurity) 's Twitter Profile Photo

Cado Security Labs has identified a novel cryptomining campaign targeting exposed Jupyter Notebooks to deliver cryptominers on both Windows and Linux systems. Read more here: hubs.li/Q03bKkCd0

Cado (@cadosecurity) 's Twitter Profile Photo

Cado Security Labs have identified a Python Remote Access Tool that allows users to remotely access and control a system using Telegram. Learn more in our latest blog post: hubs.li/Q03dvNRP0

The Hacker News (@thehackersnews) 's Twitter Profile Photo

🚨 A new botnet is quietly hijacking Linux-based IoT devices. PumaBot is targeting embedded Linux IoT devices—brute-forcing SSH, mining crypto, and hijacking credentials. It impersonates Redis, evades honeypots, and survives reboots using systemd persistence. 🔗 Read:

The Hacker News (@thehackersnews) 's Twitter Profile Photo

🚨 Crypto users targeted in ultra-slick social engineering scam. Hackers built dozens of fake AI/Web3 startups—complete with logos, blogs, and verified X accounts—to push malware disguised as investment tools. The malware drains wallets on both Windows & macOS. Details here →
