{
	"id": "bad6ca40-a421-4654-add7-a2763551a19a",
	"created_at": "2026-04-06T00:10:09.647761Z",
	"updated_at": "2026-04-10T03:21:55.111776Z",
	"deleted_at": null,
	"sha1_hash": "d38a3df5479c3d439887402db5f14554a1a8c315",
	"title": "Brief technical analysis of the \"Poseidon Stealer\" malware",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 61719,
	"plain_text": "Brief technical analysis of the \"Poseidon Stealer\" malware\r\nBy Federal Department of Defence, Civil Protection and Sport DDPS\r\nArchived: 2026-04-05 17:06:26 UTC\r\nBrief technical analysis of the \"Poseidon Stealer\" malware\r\n11.07.2024 - At the end of June 2024, cybercriminals spread the malware \"Poseidon Stealer\" in German-speaking Switzerland by email, using AGOV as a lure with the aim of infecting computers with the macOS\r\noperating system. The NCSC has now produced and published a brief technical analysis of the malware.\r\nAt the end of June, the NCSC received numerous reports on emails that pretend to come from AGOV, the Swiss\r\ngovernment login. The malicious emails asked the recipients to download a software package for macOS, which\r\nin fact was a malware called \"Poseidon Stealer\".\r\nThe brief technical analysis by NCSC shows how \"Poseidon Stealer\" works in order to access and steal the\r\nvictims' data. It has been shown that once the malware has been installed, it searches the computer for and collects\r\nsensitive information such as login data, private keys, cookies and crypto wallets. This data is then compressed\r\ninto a zip file and sent to a central botnet command and control server. One thing to emphasize about this malware\r\nis that as soon as the data has been drained and after the infected device is restarted, it remains on the device but is\r\nno longer executed.\r\nNCSC notification dated June 28, 2024\r\nSource: https://www.ncsc.admin.ch/ncsc/en/home/aktuell/im-fokus/2024/poseidon_bericht.html\r\nhttps://www.ncsc.admin.ch/ncsc/en/home/aktuell/im-fokus/2024/poseidon_bericht.html\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"https://www.ncsc.admin.ch/ncsc/en/home/aktuell/im-fokus/2024/poseidon_bericht.html"
	],
	"report_names": [
		"poseidon_bericht.html"
	],
	"threat_actors": [],
	"ts_created_at": 1775434209,
	"ts_updated_at": 1775791315,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/d38a3df5479c3d439887402db5f14554a1a8c315.pdf",
		"text": "https://archive.orkl.eu/d38a3df5479c3d439887402db5f14554a1a8c315.txt",
		"img": "https://archive.orkl.eu/d38a3df5479c3d439887402db5f14554a1a8c315.jpg"
	}
}