HH.security #22
Details
Hey folks,
shortly after the Easter season, we’d like to meet again.
We’re going to have one interesting talk, the second one will be replaced by an open discussion on AI security*:
"Psychology in Cybersecurity" – André Harms
How psychological factors influence the behaviour of users, security professionals, and decision-makers. What can we learn from other disciplines and professions?"
"Open discussion on AI security" – Florian & Matthias
It’s up to you whether we moderate the discussion or whether you use the time to discuss in smaller groups—or—both?!
This is going to be exciting ;-)
"[DEPRECATED] The AI Ad Apocalypse: Dissecting macOS Crypto Drainers" - Georg Ph. E. Heise
In 2025, a wave of YouTube "AI-trading" scams became the primary vector for draining macOS crypto wallets. This session delivers an autopsy of the Odyssey Stealer campaign and unveils new 2026 research into its evolving, professionalized Malware-as-a-Service (MaaS) architecture.
• The Lure: How YouTube/GitHub chains leveraged AI branding to bypass scrutiny.
• Odyssey’s Lineage: A technical comparison to Poseidon and AMOS counterparts.
• The "Rodrigo4" Factor: OSINT on the forum feuds driving the malware's evolution.
2026 Technical Findings
• Stealth & Persistence: Bypassing macOS hardening via LaunchDaemons, Go-based SOCKS5 proxies, and "ClickFix" tactics.
• C2 Infrastructure: Forensic breakdown of live 2026 C2 fingerprints and rebranded admin panels.
• Cross-Platform Parity: Shared evasion techniques between macOS and Windows counterparts.
Hunting & Defense Playbook
• Hard IoCs: Hidden file paths, .plist identifiers, and exfiltration endpoints.
• Behavioral Detection: Monitoring osascript anomalies and unauthorized Keychain access.
• MaaS Economics: Analyzing the market drivers behind these viral malware rebrands.
Dismantle the mechanics of the modern macOS stealer and harden your endpoints against the next wave of AI-driven fraud.
*If you’d like to present something at future events that you think could be valuable for others, let us know.