MetaMask Security Monthly: August 2024
We're excited to share the integration of Wallet Guard into MetaMask to boost user protection and are looking forward to the next installment of MetaMask x Wallet Guard: State of Security on September 25.
Admiral Grace Hopper was the first to devise the theory of machine-independent programming languages and is credited with writing the first computer manual. You can now watch her famous 1982 lecture. And you should, she’s a hoot.
🦊 What We’ve Been Up To 🦊
MetaMask More Secure with Wallet Guard
We are SUPER excited that Wallet Guard joined the Consensys crew in July and are adding new layers of protection to keep users safe! Read about their core technology integration, comprehensive life cycle protection, and faster response to threats!
🎙️ MetaMask in the Security Ecosystem 🔎
UPCOMING: MetaMask x Wallet Guard: State of Security September 25, 2024
Our next quarterly X space series co-hosted by MetaMask and Wallet Guard, where we examine the current threat landscape and best security practices. This time around we have Miles and Jackson joining from the MetaMask Threat Intelligence and Security Research team.
If you miss it, you can still catch the recording by keeping an eye on the @MetaMask and @wallet_guard X accounts.
Regarding CSS Injection, LavaDome, and ShadowDOM
Check out Gal's response to a recent episode of the Critical Thinking - Bug Bounty Podcast on CSS injection vulnerabilities. He focuses on LavaDome and the choice of ShadowDOM over iframes in order to balance security with user experience. Gal's thread highlights the broader goal of securely integrating sensitive data into web apps and addressing gaps in web security design. He also talks about SNOW, which influenced browser vendors to consider solving the same origin concern at the browser level.
⚠️ Tales of Caution ⚠️
Cthulhu Malware Targets Mac Users
Summary
The Cthulhu Stealer malware targets macOS users, challenging the belief that macOS systems are immune to malware threats. Developed as malware-as-a-service (MaaS), it disguises itself as legitimate software through an Apple disk image, prompting users for their password and MetaMask password upon execution. The malware then steals a variety of sensitive information, including cryptocurrency wallets and browser cookies, storing them in a directory for exfiltration. Cthulhu Stealer, similar in functionality to the Atomic Stealer malware, is part of a growing trend of macOS-targeted malware, underscoring the need for vigilance among Apple users.
How Users Can Protect Themselves
To protect against threats like the Cthulhu Stealer, macOS users should only download software from trusted sources such as the Apple App Store or official developer websites. Enabling built-in security features like Gatekeeper, which blocks unverified apps, and keeping the system and applications updated with the latest security patches are critical steps. Additionally, using reputable antivirus software can provide an extra layer of protection. By staying informed about potential threats and adopting these proactive security measures, users can significantly reduce their risk of malware infections and safeguard their sensitive information.
Fake Developer Jobs Laced with Malware
Summary
The sophisticated malware campaign that has been targeting developers with fake job advertisements for months shows no sign of letting up. The malware, disguised as a legitimate npm package named "execution-time-async," installs malicious scripts that steal cryptocurrency and credentials from the victims. The attackers cleverly hid the malware within a test file, exploiting social engineering techniques to lure developers into downloading and executing the compromised package. The malware may be part of a larger social engineering campaign, with ties to North Korean state-sponsored activities.
How Users Can Protect Themselves
To protect against such software supply chain attacks, developers should exercise caution when downloading packages, especially from unofficial sources. Always verify the authenticity of job offers and be wary of requests to download software as part of the application process. By staying informed about the latest threats and adopting a cautious approach to software installation, developers can significantly reduce their risk of falling victim to these increasingly sophisticated malware campaigns.
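One practical pre-install check for the npm scenario above, as an added example (not MetaMask's, Wallet Guard's, or the reported package's code): inspect a package manifest for lifecycle hooks that npm runs automatically during installation, before the package has a chance to execute anything. The manifest below is constructed sample input; the package name and script paths are placeholders.

```javascript
// Lifecycle hooks npm executes on its own during `npm install` of a dependency.
// A hook that runs a bundled file (such as something under test/) or fetches
// remote content is where install-time malware typically lives.
const AUTO_RUN_HOOKS = ['preinstall', 'install', 'postinstall', 'prepare'];

// Returns one finding per auto-run hook present in the manifest, with the
// reasons it deserves a closer look (empty reasons = present but unremarkable).
function auditLifecycleScripts(manifest) {
  const scripts = (manifest && manifest.scripts) || {};
  const findings = [];
  for (const hook of AUTO_RUN_HOOKS) {
    if (!(hook in scripts)) continue;
    const command = String(scripts[hook]);
    const reasons = [];
    // Executes a JavaScript file shipped inside the package at install time
    if (/\bnode\s+\S+\.(c|m)?js\b/.test(command)) reasons.push('runs a bundled script');
    // Pulls content from the network during installation
    if (/\b(curl|wget)\b/.test(command)) reasons.push('downloads at install time');
    // Decodes or evaluates code on the fly, a common obfuscation pattern
    if (/\b(base64|eval|Function\()/.test(command)) reasons.push('decode/eval in hook');
    findings.push({ hook, command, reasons });
  }
  return findings;
}

// True when any auto-run hook tripped at least one heuristic.
function isSuspicious(manifest) {
  return auditLifecycleScripts(manifest).some((f) => f.reasons.length > 0);
}

// Constructed sample manifest, loosely modelled on the pattern described above:
// an install hook that quietly runs a file presented as part of the tests.
const sampleManifest = {
  name: 'example-pkg', // placeholder, not the real package name
  version: '1.0.0',
  scripts: {
    test: 'jest',
    postinstall: 'node test/helper.js',
  },
};

console.log(JSON.stringify(auditLifecycleScripts(sampleManifest), null, 2));
console.log('suspicious:', isSuspicious(sampleManifest));
```

Run it against the `package.json` from `npm pack <name>` before installing, or install with `--ignore-scripts` and review hooks by hand; a heuristic hit is a prompt to read the referenced file, not proof of malice.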
ZachXBT Uncovers DPRK Developers Working for 25+ Crypto Projects
Summary
A team recently discovered 1.3 million missing from their treasury, leading them to seek ZachXBT's expertise. The investigation revealed that the team unknowingly employed DPRK IT workers posing under fake identities as developers. This breach led to the laundering of the stolen funds through a complex path of exchanges, bridges, and mixers. ZachXBT then uncovered 25+ additional crypto projects that had hired DPRK developers.
How Users Can Protect Themselves
This incident underscores the critical importance of thorough vetting and monitoring of team members, especially in roles with access to sensitive operations. Teams should implement rigorous background checks, utilize secure code practices, and maintain strict oversight of treasury transactions. Additionally, fostering a culture of security awareness and encouraging the reporting of suspicious activities can further safeguard teams.