In the past weeks I interviewed the staff from the major infostealers projects, a total of 7: Lumma,Raccoon,Meduza,Vidar,Amadey,StealC,Meta. Below you will find a short summary of this series that ends today, and also the ones who refused to talk. 👀👇 https://t.co/MPtxQmstxI

Featuring one of the most cool interviews with a MacOS infostealer developer, because “macOS is the safest system and has no viruses.” Collaboration with @osint_barbie 🍎🤩 No more spoilers today, read now a interview with Phexia: https://t.co/3GFnN3n4Jg

A short interview with XFILES (also known by researchers as DeerStealer) 🦌 Since 2021 on the playground, alledgelling offering multiple malware solution for both Windows but recently also MacOS 👀 Read here 👇👇 https://t.co/jbRTvTx6Wl

BTW good time to feature some past posts https://t.co/2G2Tzv3ZGO https://t.co/ICrb7iZPqp https://t.co/nC724ZaZZB

1 week after the the operation on Rhadamanthys, it seems to be more disruptive than the one did on Lumma (which should be a good comparation) since the infostealer has not returned soon. So it seems we can start talking about another one missing on the Internet, at least for

Infostealers are a global issue and are feeding up other kind of crimes worldwide, its not a one country thing. You may see in the recent news (see video) how a major scam hub was blew out in Myanmar after being raided, 346 detained and +10.000 phones confiscated, the second

First thoughts about #Rhadamanthys Stealer "disruption" (?) and what to expect in the next days with the current information as of November 13th: The same way I did with Lumma I want to share some words ( https://t.co/t5wpfVCa85) Leaving to one side from the discussion anything

Confirmed rumours about targeting Rhadamanthys, customers messaged by Dutch Police, associated domains displaying a seized banner #Endgame 🐉

More rumours! (⌛️?) Rhadamanthys customer message: Dear <redacted>, International law enforcement agencies have designated Rhadamanthys as a target under OPERATION ENDGAME. Our data points to your possible involvement with Rhadamanthys. This information has been recorded by

Multiple unknown affirmations of a major blow on Rhadamanthys Stealer infrastructure while admin urges to pause work and reinstall servers, and users reportedly finding problems to login into control panels Rhadamanthys main onion domains are unavailable as for now This is a

Danabot is back recently as reported with new updates, see statements and demo video below: "We have launched a new version of the product with a global system update. Now users of the staff tariff can use our own loader, as well as a new bot installation system. There are a lot

More #Grandoreiro targeting Spain 🇪🇸🇪🇸, impersonating Hospital @Hospital_FJD @quironsalud and a (fake? 😂) law firm. Using spoofed emails Deliver landing /vmi2895023.contaboserver.net >> /vmi2895024.contaboserver.net C2: 3.238.96.208:5874 nextgenpass.hopto[.]me Analysis:

America needs you! Join U.S. Immigration and Customs Enforcement today.

New #Grandoreiro campaign impersonating AEAT (National Tax agency) geo target Spain 🇪🇸🇪🇸 Deliver page /vmi2895604.contaboserver.net C2 44.192.48.117:7432 techscalemaster.privatizehealthinsurance[.]net Analysis: https://t.co/3ru4VkW9rK Samples: https://t.co/amkWkmbCsb

#Grandoreiro Geo target 🇪🇸🇪🇸 November 2025 Email > Landing download > ISO > .vbs > Grandoreiro Analysis: https://t.co/m1CqgaTM89 IOCs: launchboosthub.myactivedirectory[.]com 3.231.226.146:5871 growthmodelabs.net-freaks[.]com 44.192.46.125:7432

GIVEAWAY UPDATE! 🍎♥️🤘 The winner has been selected and it’s @0x2asec 🎉 Apologies for the few days delay in announcing – it took us a bit longer to contact and get the books shipped (PS. Vol I & II of The Art of Mac Malware by @patrickwardle are already on their way 📦)

A interview with AURA stealer, a new emerging malware solution to have a look over the next months Read now here 👇📚 https://t.co/H1QsGAHn2g

Reports of the detainment of three people behind the infamous Meduza Stealer (interviewed back in 2023 - https://t.co/TIo21TlJVE) in the Moscow region, Russia 🇷🇺, accused of "gain unauthorized access to data of one of the institutions in the Astrakhan region in May of this year"

1/ Sometimes the best hunts start with a simple share. A few strings from an updated #MacSync #macOS malware, dropped casually by @g0njxa, led us to the FUD file, which appears to be a dropper 👇

The bulk of the void that AMOS fading left into the MacOS MaaS infostealers is already being filled by other solutions such as MacSync (interviewed by @osint_barbie and I recently: https://t.co/cKrFyqBQlZ), who allegedly want to be "at AMOS level by the end of the year". In

Currently seeing a surge on #CastleLoader malware being delivered through fake websites impersonating software used in enterprise environments such as Zabbix or RVTools (see photo 1 & 2). IOCS below 👾🔎 Please note that this campaign uses the same exact template lures of

GIVEAWAY TIME! 🍎♥️🤘 In case you missed the opportunity to grab yours, celebrating the success of #OBTS V8 in Ibiza 🇪🇸 @objective_see (@andyrozen), and special thanks to @osint_barbie, we will be holding a giveaway of @patrickwardle "The art of Mac Malware" books - Vol. I