G2 Logo

Trouble Brewing - Dissecting a fake homebrew update that stole user data

By Oliver Simonnet, Lead Cyber Security Researcher at CultureAI

Table of contents

  • Preamble
  • Malvertising - Effective and on the rise
  • Looking at the install command
  • Reverse engineering the payload
  • Reversing the decoding function:
  • Reversing the decryption function
  • Decoding the second stage payload:
  • Conclusion
  • Indicators of Compromise (IoCs)
  • References
Oliver Simonnet avatar

Oliver Simonnet

Lead Security Researcher

10 March 20258 min read
Share:

Recommended for you

[object Object]

AI Browsers: A Security NightmareFlipping the Board on Decades of Security Progress

When a browser’s address bar begins to accept both URLs and natural language, and an AI agent can act across your accoun...

[object Object]

6 Strategic Implications of AI for Security Leaders in 2026

Most organisations think they control AI usage. They don’t. Discover 6 strategic implications security leaders must addr...

[object Object]

The AI Control Gap: Why Partners Are Now on the Front Line

Partners who move early can shape how customers think about AI governance, risk, and control. Those who wait will be bro...