
#c2


"While Bill C-2 does not explicitly state that it is paving the way for new and expanded data-sharing with the United States or other countries, the legislation contains references to the potential for “agreement[s] or arrangement[s]” with a foreign state, and references elsewhere the potential that persons in Canada may become compelled by the laws of a foreign state to disclose information. Other data and surveillance powers in Bill C-2 read like they could have been drafted by U.S. officials.

Furthermore, in response to questions at a technical briefing on Bill C-2 by Justice Canada on June 9, 2025, Justice Canada officials acknowledged to the persons present at the briefing that the intent of certain provisions within Bill C-2 is to enable Canada to implement and ratify a new data-sharing treaty, publicly known as the “Second Additional Protocol” to the Budapest Convention (“2AP”). The briefing acknowledged that other cross-border “cooperation” tools were foreseeable.

The federal government’s quiet acknowledgement that new provisions in Bill C-2 are being introduced to implement the 2AP treaty raises broader questions about the full extent of Bill C-2’s impacts as it concerns data-sharing with U.S. law enforcement authorities."

citizenlab.ca/2025/06/a-prelim

The Citizen Lab · Unspoken Implications: A Preliminary Analysis of Bill C-2 and Canada’s Potential Data-Sharing Obligations Towards the United States and Other Countries - The Citizen Lab

On June 3, 2025, the Canadian government tabled Bill C-2, omnibus legislation that, if passed, would introduce a wide array of new federal agency and law enforcement powers, and would significantly reform substantive and due process laws in Canada for migrants and asylum seekers. Our preliminary analysis of Bill C-2 situates the legislation within the context of existing research by the Citizen Lab about two potential data-sharing treaties that are most relevant to the new proposed powers being introduced in Bill C-2: the Second Additional Protocol to the Budapest Convention (2AP) and the CLOUD Act. Both of which carry significant constitutional and human rights risks.

Lumma Stealer is currently one of the most popular malware. Campaigns involving this info stealer have a notable presence in DNS. We’ve been tracking a threat actor that deploys a large number of domains to advertise file share links dropping Lumma Stealer. These campaigns are interesting because the actor uses a traffic distribution system (TDS), cloaking, and web tracking technology (e.g. Matomo, Bablosoft) to hide and protect the malicious content. Here are recent examples of the TDS and landing page domains.


An attack that we investigated today showed a new Lumma Stealer payload and C2 domain that is only a day old.

:::Lumma Stealer executable SHA256::: df148680db17e221e6c4e8aed89b4d3623f4a8ad86a3a4d43c64d6b1768c5406

:::Text sites containing Lumma Stealer configuration details:::
hXXps://rentry[.]co/feouewe5/raw
hXXps://pastebin[.]com/raw/uh1GCpxx

:::Newly created Lumma Stealer C2:::
hXXps://urbjanjungle[.]tech/api

This reading is about how liberation groups in South Africa created secure communication systems to support their fight against oppression, while highlighting the importance of coming together and gaining better control over technology.
But I ask myself this question: How can these lessons from the past help today's movements deal with digital surveillance while still seeking to remain transparent? #mastodon #C2🥶

Mastodon communities, be vigilant! Bad actors are creating accounts within the Fediverse and then using them to distribute malware. We identified one such case in which the threat actor had gone undetected since 2022. That Mastodon instance was one with a climate change focus. The threat actor was distributing an information stealer through their account.

We are happy to have helped the instance owner figure out why they have been on blocklists intermittently for the last few years, but also get that particular threat out of their Mastodon instance and safe for users.

There are undoubtedly many more of these across the Fediverse. Hopefully more awareness can get them detected and shut down faster.

For our fellow security nerds... this was #vidar malware with sha256 975932eeda7cc3feea07bc1f8576e1e73e4e001c6fe477c8df7272ee2e0ba20d
and a c2 IP 78[.]47[.]227[.]68 from the instance.
There is still at least one more Mastodon instance impacted that we are trying to reach.

#malware #stealer #mastodon #threatintel #cybercrime #threatintelligence #cybersecurity #infosec #infoblox #infobloxthreatintel #fakeaccounts #c2

Good grief. Where are the god damned adults? Is there never a time when these people are not beguiled and mesmerized by shiny, techno-babble wrapped BS?

At least in the 80s with SDI they literally knew they were just burning taxpayer $ on a pipe dream they knew they would never implement…

Next up: LARPing A Canticle for Leibowitz.

I claim dibs on the holy shopping list.
#AI #C2 #nukes

airandspaceforces.com/stratcom

Air & Space Forces Magazine · STRATCOM Boss: AI 'Will Enhance' Nuclear C2

Air Force Gen. Anthony J. Cotton, head of U.S. Strategic Command, discussed how AI can help the Pentagon with nuclear command and control.

Infoblox Threat Intel recently discovered an active #macOS #malware campaign targeting individuals associated with #crypto currencies. Using hijacked accounts, the threat actor messages individuals on social media and offers a contract to fix an incomplete app. A follow-up message will contain a link to a public GitBucket repo filled with broken code.
If the victim downloads the project and tries to repair the code, the error.js function will run and silently steal credentials and passwords from the victim’s device.

PSA: never run code you don’t trust! #cybercrime #threatintel

https://bitbucket[.]org/ffuturemaker/blockchaintp/src/main/server/utils/error[.]js

#c2 : 45[.]137.213.30:1224

The banking trojan, Octo2, now employs a Domain Generation Algorithm (DGA)!

The new variant of the Octo (ExobotCompact) banking trojan, Octo2, is targeting mobile users with several new advanced features. This malware is known for disguising itself as legitimate apps, taking control of the victim’s device to steal sensitive information and commit on-device fraud. For now, the malware has been seen in the wild in Italy, Poland, Moldova, and Hungary, masquerading as apps like NordVPN and Google Chrome. Unfortunately, given its history, it is expected to become global soon.

This new variant, investigated by ThreatFabric, features enhanced functionalities, including a Domain Generation Algorithm (DGA) that dynamically changes its command-and-control (C2) server addresses, making it significantly harder to detect.

Here are some domains associated with this new variant that we have in our collection:


ThreatFabric report: threatfabric.com/blogs/octo2-e

www.threatfabric.com · Octo2: European Banks Already Under Attack by New Malware Variant

ThreatFabric unveils the evolution of Octo2 malware, enhancing mobile banking security with sophisticated techniques and remote access capabilities.

🐧 True Linux phone seekers rejoice: JOLLA C2 phone 1st look & Sailfish OS 5.0 preview! ⛵ 📲

Jolla represents the features and update highlights people asked for.

◉ New camera capabilities
◉ Landscape / portrait mode
◉ Expandable storage
◉ True alternative for the domination of iOS (Apple) & Android (Google)
◉ Get a glimpse of upcoming for the ultimate Sailfish experience via C2 phone

youtu.be/OVyOmaVySZc

Realized that I never did an #introduction so here goes.

My name is Chase or Charles from #Dallas. I’ve been in #IT and #infosec for almost a decade. I started out in helpdesk in college and moved on to #appsec and then #DFIR and malware reverse engineering. After my stint on the #blueteam side of the house I moved to #redteam and #pentesting by getting my #OSCP and #OSCE and worked there for 4 years where I got to do a lot of fun stuff like write a #c2 and find a number of #0days. Now I’m the CTO of Vector0 where we are building an attack surface management platform.

Outside of work while at home I mainly spend time #gaming or doing projects around my house and spending time in my pool. Otherwise I try to get as far away from a screen as possible by traveling and hiking/camping in places where I can’t be reached.

🌊 #introduction
Hi! I'm a security researcher interested in weird things on the Internet. In particular, I love following rabbit holes around phishing emails and infrastructure, C2s, and botnets.

I got my start in tech in data science, where I helped colleagues find users who were doing "weird" and "interesting" things with our company's software. They wanted to find users who were pushing the boundaries of the software, not doing nefarious things, necessarily.

TL;DR I've spent most of my career looking for weird stuff in data. 

Now, I'm especially interested in applications of data science methods–including but NOT limited to AI/ML–to problems in the infosec space. 

Excited to see the community here and get to know others with similar interests!
#phishing #c2 #botnet #cybersecurity #ai #machinelearning