Hacker News new | past | comments | ask | show | jobs | submit login
OS X/Hydromac: New Mac adware, leaked from a flashcards app (objective-see.com)
91 points by iscmt 4 months ago | hide | past | favorite | 9 comments

Many of the screenshots in the posted article are too small and blurry to be of any use. In the original article [1] they can be zoomed and are actually readable.

[1] https://blog.confiant.com/osx-hydromac-a-new-macos-malware-l...

If you're going to censor someone's github profile, actually censor it. It took exactly 5 seconds to find the github profile in question, so you might as well either out them at this point or black out ALL the identifying information (there is exactly one google search result). I would have expected his user pic to be a stock photo used by a burner account or something, but it appears to be unique.

Anyway, very interesting research. I'm very curious why anyone would even see fit to make flashcards about this sort of thing, what makes it worth memorizing?

Also has a LinkedIn page with the Ad inc employer https://www.linkedin.com/in/jasonwaynetaylor he was the project manager most likely.

Sterkly Languages: c, c++, c#, JavaScript, obc++ Frameworks: .net, .net core, Entity Framework Platform experience: Windows, Windows Server, macOS Software experience: Windows services, MacOS launch agents, Mac apps, Windows installers, Mac installers, Server Rest APIs, operational portals, sql, MongoDB, Aerospike(nosql), Unity(personal projects), AWS(s3, kinesis, redshift, athena)

Yeah, that was easy to find. San Diego is also a hotspot for shady online advertising.

They were probably developing the app themself and forgot they included the information in a test card or something?

> US soldiers stationed on European bases that host nuclear weapons have exposed a multitude of sensitive security details -- including where weapons are stored & secret duress words -- by using flashcard learning apps that appear publicly in online searches

I'm wondering what's the name(s) of these flashcard apps ?

>Simply searching for “PAS”, “WS3” and “vault” on Google together with the names of air bases in Europe quickly led to free flashcard platforms such as Chegg, Quizlet, and Cram.


Oh haha, didn't realize it was the soldiers that were entering sensitive information themselves.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact