In April 2025, Huntabil.IT observed a targeted attack on a Web3 startup, attributing the incident to a DPRK threat actor group. Several reports on social media at the time described similar incidents at other Web3 and Crypto organizations. Analysis revealed an attack chain consisting of an eclectic mix of scripts and binaries written in AppleScript, C++, and Nim. Although the early stages of the attack follow a familiar DPRK pattern using social engineering, lure scripts, and fake updates, th
macos (4)
Our colleagues at Sentinel Labs have again provided expert collection and analysis on the 2024 macOS Malware. Across 2024, researchers saw a sharp rise in malware campaigns aimed at macOS users in the enterprise. From infostealers masquerading as business and productivity apps to sophisticated modular backdoors, not to mention plenty of APT activity, threat actors were busier than ever developing and deploying malware to compromise organizations and steal sensitive data.
Linl to full report:
LightSpy is a modular surveillance framework that can be used to steal a variety of data, including files, screenshots, mobile location data, or even messenger data from apps like Telegram. It was first documented by TrendMicro and Kapersky in 2020 as an iOS implant. At the time, LightSpy would spread through a watering hole method, which is to say that targets would be directed to pages mimicking local news sites. An example page can be seen in the image below. The APT group said to be resp
Cyber threat actors associated with the Cyclops ransomware have been observed offering an information stealer malware designed to capture sensitive data from infected hosts. The threat actor behind this Ransomware-as-a-Service (RaaS) promotes its offering on forums where it requests a share of profits from those engaging in malicious activities using its malware.
Cyclops ransomware is notable for targeting all major desktop operating systems, including Windows, macOS, and Linux. It is also des
