Hello, welcome to the Monday, August 17th, 2020 edition of the Sandler and Storm Center's

Stormcast. My name is Johannes Ulrich. And today I'm recording from Jacksonville, Florida.

Just to start out, a quick update on the Sands Data Incident. There are now indicators of compromise that were published by the team

investigating the incident. And you may want to take a look in your own environment for a similar

attack as it's very likely that this same attack did also reach other targets. And to me at least,

the lesson learned here is that it's a good idea to restrict and regularly review forwarder

rules and also do the same for Outlook 365 add-ins.

And in Diaries this weekend, we have yet another example of a malware sample that was intentionally inflated in size in order to likely sneak it past anti-malware.

A lot of anti-malware will just outright refuse to investigate files that

large. In this particular case, the file was 130 megabytes in size. The actual malware was only 24

kilobytes. The additional data came from 54 GIFs and 75 megabytes of just null bytes.

Jan, who analyzed the sample that we received from a reader, also goes through a quick reverse

analysis of this particular sample after the initial data was removed.

Entrant Micro has an interesting report about a Mac malware that appears to be targeting

developers. The malware adds itself to the Xcode project file and then it executes whenever the project

is being compiled.

So interestingly, it doesn't appear that this malware is spreading to any users of the compiled

software.

However, once it runs on the developer's machine, it will try to steal Safari cookies.

It has actually two zero-day vulnerabilities that it's trying to exploit, that include also the

developer version of Safari.

So again, specifically targeting developers.

...