Mastodawn

FakeWallet crypto stealer spreading in the App Store

In March 2026, over twenty phishing applications were discovered in the Apple App Store masquerading as popular cryptocurrency wallets. These malicious apps redirect users to browser pages distributing trojanized versions of legitimate wallets engineered to steal recovery phrases and private keys. The campaign has been active since at least fall 2025, targeting major wallets including MetaMask, Ledger, Trust Wallet, Coinbase, TokenPocket, imToken, and Bitpie. The infected apps use iOS provisioning profiles for installation and employ library injection techniques to hijack legitimate code. The threat primarily targets users in China where official crypto wallet apps are regionally restricted. Some infected apps also contained SparkKitty modules, suggesting possible links between threat actors. The malware exfiltrates stolen credentials using RSA encryption to command-and-control servers.

Pulse ID: 69e64149d8dcee0acea28f7f
Pulse Link: https://otx.alienvault.com/pulse/69e64149d8dcee0acea28f7f
Pulse Author: AlienVault
Created: 2026-04-20 15:07:53

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Browser #China #CyberSecurity #Edge #Encryption #InfoSec #Malware #OTX #OpenThreatExchange #Phishing #PoC #RAT #Rust #Trojan #bot #cryptocurrency #iOS #AlienVault

LevelBlue - Open Threat Exchange

Learn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.

LevelBlue Open Threat Exchange

OTX Bot 23h ago

FakeWallet crypto stealer spreading in the App Store

In March 2026, over twenty phishing applications were discovered in the Apple App Store masquerading as popular cryptocurrency wallets. These malicious apps redirect users to browser pages that distribute trojanized versions of legitimate wallets designed to steal recovery phrases and private keys. The campaign primarily targets users in China, exploiting regional restrictions that prevent official crypto wallet apps from being available in the Chinese App Store. Attackers use typosquatting and fake promotional materials to deceive users. The infected applications leverage iOS enterprise provisioning profiles for distribution and employ various techniques including malicious library injection and source code modification. The campaign has been active since at least fall 2025 and targets major wallets including MetaMask, Ledger, Trust Wallet, Coinbase, TokenPocket, imToken, and Bitpie. Some infected apps also contained SparkKitty modules, suggesting potential links between threat actors.

Pulse ID: 69e5ff33953b2bfaa5b6c105
Pulse Link: https://otx.alienvault.com/pulse/69e5ff33953b2bfaa5b6c105
Pulse Author: AlienVault
Created: 2026-04-20 10:25:55

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Browser #China #Chinese #CyberSecurity #Edge #InfoSec #OTX #OpenThreatExchange #Phishing #PoC #RCE #Rust #Trojan #TypoSquatting #bot #cryptocurrency #iOS #AlienVault

LevelBlue - Open Threat Exchange

Learn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.

LevelBlue Open Threat Exchange

Darrell Hilliker 👨‍🦯♾️📡2d ago

The Simple PTT Lucid: A Push-to-Talk Radio Built with the Blind Community in Mind: https://blindaccessjournal.com/2026/04/the-simple-ptt-lucid-a-push-to-talk-radio-built-with-the-blind-community-in-mind/ #accessibility #AmateurRadio #HamRadio #GMRS #POC

The Simple PTT Lucid: A Push-to-Talk Radio Built with the Blind Community in Mind

For years, push-to-talk over cellular (POC) radios have offered something remarkable: the reach of a nationwide radio network, without the limitations of traditional two-way radio. Whether you are …

Blind Access Journal

maniabel 3d ago

UnDefend: noch ein ZeroDay-PoC von Chaotic Eclipse/Nightmare‑Eclipse. Und das war bestimmt noch nicht alles.

Mehr: https://maniabel.work/archiv/1462

#ChaoticEclipse #NightmareEclipse #PoC #UnDefend #Windows #ZeroDay #infosec #up2date

Noch ein PoC: UnDefend von Chaotic Eclipse/Nightmare‑Eclipse – maniabel

Entdecken Sie, was Sie für die Sicherheit und den Schutz Ihrer Daten selbst tun können: Digitale Daten selbst schützen & sichern <meta charset=

Chris Smart 3d ago

Demo of an accessible #POC #Radio, the Lucid SimplePTT
https://www.simpleptt.com/product-page/the-2026-lucid-budget-radio
#blind #accessibility #communications

The 2026 LUCID Budget Radio | SimplePTT

About The Lucid:Ideal for the visually impaired. SimplePTT was asked to provide a radio that will be easy to use for the visually impaired, so this is the one! This radio has the ability to read every menu option, channel name and members out loud so visually, although appealing, isn't necessary.The LUCID nationwide two-way radio uses PTT technology, combined with a high-sensitivity microphone and AI algorithms, to eliminate over 95% of background noise during operation. Even in harsh weather or dense urban environments, it delivers clear and reliable audio. Designed for team coordination in factories, construction sites, Families, Security or warehouse operations, this POC radio ensures crisp communication when it matters most. The Lucid Features a powerful 4800mAh battery. The Lucid nationwide PTT walkie-talkie supports all-day talk time and up to 7 days on standby. It supports multiple charging methods, including advanced USB-C fast charging, offering a fast and convenient charging experience. A single full charge keeps you connected through extended outdoor adventures. Cellular Bands Supported: LTE-FDD: B1/B2/B3/B4/B5/B7/B8/B12/B13B/B17/B66; LTE-TDD: B38/B40/B41.Item Dimensions D x W x H: 1.18"D x 1.97"W x 3.74"HUSB-C Charging anywhere!4800MAH Battery for long lasting use!

SimplePTT

Forest Harbinger 3d ago

Next Crossover with Sound!!
#Mauga is high damage Tank, but is also damage soaking machine! 💪🏽💪🏽💨🚧

He need Big. Deep. Heals to stay in the Fight. #Gambit knew just what he needed~♦️♠

#bara #overwatch #marvelrivals #videogame #gaymer #nsfwart #gaynsfw #gayanimation #animated #gaysex #gayporn #gayart #exhibition #lewd #men #ass #cock #dick #manly #mxm #yaoi #hentai #anal #powerbottom #poc #sound

Forest Harbinger 3d ago

Next Crossover with Sound!!
#Mauga is high damage Tank, but is also damage soaking machine! 💪🏽💪🏽💨🚧

He need Big. Deep. Heals to stay in the Fight. #Gambit knew just what he needed~♦️♠

CyberVeille.ch 4d ago

📢 RedSun : PoC exploitant Windows Defender pour écraser des fichiers système et élever les privilèges
📝 ## 🔍 Contexte

Publié le 16 avril 2026 sur GitHub par l'utilisateur **Nightmare-Eclipse**, le dépôt **RedSun** expose une vulnérabilité affe...
📖 cyberveille : https://cyberveille.ch/posts/2026-04-16-redsun-poc-exploitant-windows-defender-pour-ecraser-des-fichiers-systeme-et-elever-les-privileges/
🌐 source : https://github.com/Nightmare-Eclipse/RedSun
#IOC #PoC #Cyberveille

RedSun : PoC exploitant Windows Defender pour écraser des fichiers système et élever les privilèges

🔍 Contexte Publié le 16 avril 2026 sur GitHub par l’utilisateur Nightmare-Eclipse, le dépôt RedSun expose une vulnérabilité affectant Windows Defender (antivirus Microsoft). Le code source est disponible en C++ sous licence MIT. 🐛 Description de la vulnérabilité La vulnérabilité repose sur un comportement inattendu de Windows Defender lors de la détection d’un fichier malveillant portant un cloud tag : Lorsque Windows Defender identifie un fichier malveillant avec un cloud tag, au lieu de le supprimer, il réécrit le fichier à son emplacement d’origine. Le PoC abuse de ce comportement pour écraser des fichiers système arbitraires. L’exploitation permet d’obtenir des privilèges administrateurs (élévation de privilèges). 💻 Détails techniques Langage : C++ (100%) Fichier principal : RedSun.cpp Le dépôt contient une release initiale publiée la veille de l’article. 664 étoiles et 128 forks au moment de la publication, indiquant une forte visibilité communautaire. 📌 Type d’article Il s’agit d’une publication de PoC (Proof of Concept) accompagnée d’une description technique de la vulnérabilité. Le but principal est de divulguer publiquement un comportement anormal de Windows Defender exploitable pour une élévation de privilèges locale.

CyberVeille

Chris Alemany🇺🇦🇨🇦🇪🇸5d ago

On a positive note. It is nice to see a diversity of women continuing to be a strong part of the Liberal Party caucus of MPs.

All three MPs elected in the by-elections on Monday were women, two POC including Doly Begum who was previously an Ontario NDP MPP and deputy leader of that party.

#Canada #representation #POC #CanPoli #CdnPoli #LPC #NDP

https://www.cbc.ca/player/play/video/9.7164457

Carney, Liberals welcome 'reinforcements' to caucus after clinching majority

After Liberals clinched a majority government in Monday's byelection sweep, Prime Minister Mark Carney walked MP-elects Tatiana Auguste, Doly Begum and Danielle Martin to caucus on Wednesday. 'Canadians have placed their trust in the government's plan,' Carney said.

CBC