Hello and welcome to the Wednesday, January 29th,

2025 edition of the Science Internet Storm Center's Stormcast.

My name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida.

In diaries today, Xavier is talking about new Python matter that Xavier came across,

this one going after Exodus

wallets. Exodus is a popular cryptocurrency wallet, and in this case, the malware is trying to

infiltrate secret keys in case the wallet is password protected. It also is looking for passwords in common password managers.

All is written in Python, not leaving much of a fingerprint on the file system,

like all the data is kept in memory and then directly exfiltrated.

The keystroke logger is also kind of interesting in that it doesn't just simply

record keystroke, but also has some of special setups. For, for example, if something is

copied to the clipboard, it will automatically then grab data from the clipboard and exfiltrate

this as well. Cryptocurrencies keep coming up more and more, of course, lately with the increased

value of cryptocurrencies, and that's probably just going to continue.

Interesting to see Python sort of jumping in here with some malware, and yeah, Xavier has

lots more details in his diary,

including code snippets from the actual malware.

And the Arctic Wolf is reporting that they are now seeing some compromised simple help server.

No Surprise Horizon 3 AI released about a week ago.

Details about a number of vulnerabilities. There was an unauthenticated path traversal

vulnerability. There was an arbitrary file upload and remote code execution vulnerability,

as well as a privilege escalation vulnerability. So no surprise that these systems are being exploited.

...