SANS ISC Stormcast, Jan 29th 2025: Python Crypto Stealer; SimpleHelp Exploited; Apple Silicon Vuln; Teamviewer Vuln; Odd QR Code

Learn about fileless crypto stealers written in Python, the ongoing exploitation of recent SimpleHelp vulnerablities, new Apple Silicon Sidechannel attacks a Team Viewer Vulnerablity and an odd QR Code
Fileless Python InfoStealer Targeting Exodus
This Python script targets Exodus crypto wallet and password managers to steal crypto currencies. It does not save exfiltrated data in files, but keeps it in memory for exfiltration
https://isc.sans.edu/diary/Fileless%20Python%20InfoStealer%20Targeting%20Exodus/31630
Campaign Exploiting SimpleHelp Vulnerablity
Arcticwolf observed attacks exploiting SimpleHelp for initial access to networks. It has not been verified, but is assumed that vulnerabilities made public about a week ago are being exploited.
https://arcticwolf.com/resources/blog-uk/arctic-wolf-observes-campaign-exploiting-simplehelp-rmm-software-initial-access/
Two new Side Channel Vulnerabilities in Apple Silicon
SLAP (Data Speculation Attacks via Load Address Prediction): This attack exploits the Load Address Predictor in Apple CPUs starting with the M2/A15, allowing unauthorized access to sensitive data by mispredicting memory addresses. FLOP (Breaking the Apple M3 CPU via False Load Output Predictions): This attack targets the Load Value Predictor in Apple's M3/A17 CPUs, enabling attackers to execute arbitrary computations on incorrect data, potentially leaking sensitive information.
https://predictors.fail/
Teamviewer Security Bulletin
Teamviewer patched a privilege escalation vulnerability CVE-2025-0065
https://www.teamviewer.com/en-us/resources/trust-center/security-bulletins/tv-2025-1001/
Odd QR Code
A QR code may resolve to a different URL if looked at at an angle.
https://mstdn.social/@isziaui/113874436953157913
Limited Discount for SANS Baltimore
https://sans.org/u/1zQd