da_667@infosec.exchange
Had this on my radar for a few days. There are IP addresses, domains, and some roundabout description of the HTTP C2 comms.
https://censys.com/blog/odyssey-stealer-macos-crypto-stealing-operation
I'll have rules for it by the end of the day.
#Mac #Infostealer #Suricata #Malware #ThreatIntel
technadu@infosec.exchange
ClickFix campaigns are now leveraging LLM-generated public artifacts for malware distribution.
Per Moonlock Lab and AdGuard:
• Abuse of Claude artifact pages
• Google Ads search poisoning
• Obfuscated shell execution (base64 decode → zsh)
• Second-stage loader for MacSync infostealer
• Hardcoded API key + token-protected C2
• AppleScript (osascript) handling data theft
• Archive staging at /tmp/osalogging.zip
• Multi-attempt POST exfiltration
Previous campaigns exploited ChatGPT and Grok sharing features.
LLM trust is now an operational risk vector.
Should EDR flag suspicious AI-guided shell patterns?
Source: https://www.bleepingcomputer.com/news/security/claude-llm-artifacts-abused-to-push-mac-infostealers-in-clickfix-attack/
Engage below.
Follow @technadu for deep technical threat analysis.
#ThreatIntel #MacOSSecurity #Infostealer #C2Traffic #ClickFix #LLMSecurity #MalwareAnalysis #AppSec #BlueTeam #EDR #ThreatHunting #CyberThreats #ZeroTrust