1/10: We got tagged by @NietzscheLab under a post about a suspicious PyPI package targeting macOS users. It led to an article exposing the “Meme-Token-Hunter-Bot” on GitHub. Naturally, we had to check it out and sketch the hidden attack flow ourselves. Here’s what we found 👇

Possibly related (again) @abuse_ch @JAMESWT_MHT

🚨 Alert: New macOS Malware Variants, FlexibleFerret, Undetected by Apple’s XProtect 🚨 @LabsSentinel researchers @philofishal and @TomHegel have uncovered new variants, which slip past Apple's XProtect, of the DPRK-linked macOS malware, Ferret. Dive deeper into our findings to stay ahead of this sophisticated threat: Key Insights: 👉 Detailed analysis of the malware's capabilities, part of the ongoing Ferret family campaign. 👉 Comprehensive list of indicators for threat hunters and defenders to identify and mitigate the threat. 👉 Threat actors are dynamically adapting, moving from signed to unsigned applications to evade detection. 👉 Both targeted attacks and broader 'scatter gun' approaches via social media and platforms like GitHub. @LabsSentinel continues to track and publicize these activities to bolster community defenses. SentinelOne customers are protected from all known variants of the Ferret family.

Well this took all of January, but that's a wrap! Mahalo for following along 🙏🏽 I've just uploaded a (100 page+) PDF of the complete blog post: Also all samples in the report have been made available for download #SharingIsCaring 🍎👾🥰