Absolute state of google, (and frankly the expectations of developers for installing things).

Setting up an older Mac to use as a new work machine, search google for brew Mac looking for the brew.sh site, first result is a sponsored link to httpX://macdev.slab[.]com/public/posts/insta-іі-with-termina-і-g40n4aau?shr=6etwxr0gksp2ltctcqv7gom7. I know it's not right but I got curious, let's see what's inside.

First link is familiar install instructions as we're used to for brew "here copy paste this code into terminal, don't ask questions". * Don't actually do this *

Aww man that base64 makes me feel good and trusting, wonder what's inside

hrmm, that's not brew, oh well maybe this is fine, let's check it out with urlscan, looks like me and 5 of my closest friends have had the same idea
https://urlscan.io/result/019d298d-3b24-7571-a37a-12575ae1eb84/

Another base64 blob, that truly gives me the warm and fuzzies, I'm starting to think maybe it's not brew https://pastebin.com/5cr5Nh1W
VirusTotal thinks this new blob might be a stealer https://www.virustotal.com/gui/file/54043cd8874e0eabbced73e433cfa30c75fd45364ae4f03fbda2eabca9d8d994?nocache=1

This blob grabs some basic info then pulls an osa script which appears to be the friends we made along the way (stealer)
https://www.virustotal.com/gui/file/f02758a235a220f2fa125bb6f45a49e674fd8b91f320a382e8b7017d93afbc74

Pastebin doesn't like the script so won't upload it there, can reach out if a copy is needed, but seems to be pretty well indexed

#osx #malware #stealer #google #brew

MacOS Stealer MioLab Adds ClickFix Delivery, Wallet Theft and Team API Tools
https://cybersecuritynews.com/macos-stealer-miolab/

#Infosec #Security #Cybersecurity #CeptBiro #MacOS #Stealer #MioLab #ClickFixDelivery #Wallet #APITools

A new one on me... #sentinel #stealer

https://app.any.run/tasks/0dba490a-730a-4969-9abe-388ce720fd19

 Evelyn Stealer Malware abuses VS Code Extensions to steal Developer Credentials & Crypto.

IT-Security researchers have disclosed details of a malware campaign that's targeting software developers with a new information stealer called Evelyn Stealer by weaponizing the Microsoft Visual Studio Code [VS Code] extension ecosystem.

⚠️"The malware is designed to exfiltrate sensitive information, including developer credentials and cryptocurrency-related data. Compromised developer environments can also be abused as access points into broader organizational systems," Trend Micro said in an analysis.⚠️

https://www.trendmicro.com/en_us/research/26/a/analysis-of-the-evelyn-stealer-campaign.html

#microsoft #vscode #evelyn #stealer #it #security #privacy #engineer #media #developer #infosec #tech #news

Вредоносное ПО Mamont снова атакует РФ

Троян Mamont продолжает вести свою вредоносную деятельность, направленную на пользователей Android-смартфонов. В ходе отслеживания активности семейств вредоносных программ для операционных систем Android эксперты отдела исследований киберугроз «Перспективного мониторинга» обнаружили вариацию вредоносного ПО Mamont с названием Фото(92).apk , датированную 2026 годом. В ходе тщательного анализа этого образца была выявлена новая панель управления C&C — fensteadom[.]com.

https://habr.com/ru/companies/pm/articles/993182/

#вредоносное_по #android #stealer #mamont #мошенники_в_интернете #telegram

More malware from Google search

https://fed.brid.gy/r/https://eclecticlight.co/2026/01/30/more-malware-from-google-search/