Phil Stokes, Author at SentinelOne

Tom Hegel, Kenneth Kinion (Validin) & Sreekar Madabushi (Validin) / May 8, 2025

FreeDrain is a modern, scalable phishing operation exploiting weaknesses in free publishing platforms to steal cryptocurrency on a global scale.

labs

Crimeware

AkiraBot | AI-Powered Bot Bypasses CAPTCHAs, Spams Websites At Scale

Alex Delamotte & Jim Walter / April 9, 2025

AkiraBot uses OpenAI to generate custom outreach messages to spam chat widgets and website contact forms at scale.

labs

ReaderUpdate Reforged | Melting Pot of macOS Malware Adds Go to Crystal, Nim and Rust Variants

Phil Stokes & Raffaele Sabato / March 25, 2025

A widespread campaign with binaries written in different source languages, ReaderUpdate presents unique challenges for detection and analysis.

labs

Security & Intelligence

Censorship as a Service | Leak Reveals Public-Private Collaboration to Monitor Chinese Cyberspace

Alex Delamotte, Aleksandar Milenkoski & Dakota Cary / February 21, 2025

Data leak reveals how a top tier cybersecurity vendor helps the PRC enforce content monitoring and manipulation of public opinion in China.

labs

macOS FlexibleFerret | Further Variants of DPRK Malware Family Unearthed

Phil Stokes & Tom Hegel / February 3, 2025

DPRK 'Contagious Interview' campaign continues to target Mac users with new variants of FERRET malware and GitHub devs with repo spam.

labs

2024 macOS Malware Review | Infostealers, Backdoors, and APT Campaigns Targeting the Enterprise

Phil Stokes / January 20, 2025

Learn about the key macOS malware families from 2024, including tactics, IoCs, opportunities for detection, and links to further reading.

labs

Adversary

DPRK IT Workers | A Network of Active Front Companies and Their Links to China

Tom Hegel & Dakota Cary / November 21, 2024

SentinelLABS has identified multiple deceptive websites linked to businesses in China fronting for North Korea's fake IT workers scheme.

labs

Advanced Persistent Threat

BlueNoroff Hidden Risk | Threat Actor Targets Macs with Fake Crypto News and Novel Persistence

Raffaele Sabato, Phil Stokes & Tom Hegel / November 7, 2024

SentinelLABS has observed a suspected DPRK threat actor targeting Crypto-related businesses with novel multi-stage malware.

labs

macOS NotLockBit | Evolving Ransomware Samples Suggest a Threat Actor Sharpening Its Tools

Phil Stokes / October 22, 2024

An unknown threat actor is developing ransomware to lock files and steal data on macOS, and it's not LockBit.

labs

macOS Sequoia | What’s New in Privacy and Security for Enterprise?

Phil Stokes / September 17, 2024

Monday September 16th saw Apple release the newest version of its Mac operating system, macOS 15 Sequoia, and SentinelOne was delighted to announce support for this version of macOS on the day of release.

Phil Stokes

FreeDrain Unmasked | Uncovering an Industrial-Scale Crypto Theft Network

AkiraBot | AI-Powered Bot Bypasses CAPTCHAs, Spams Websites At Scale

ReaderUpdate Reforged | Melting Pot of macOS Malware Adds Go to Crystal, Nim and Rust Variants

Censorship as a Service | Leak Reveals Public-Private Collaboration to Monitor Chinese Cyberspace

macOS FlexibleFerret | Further Variants of DPRK Malware Family Unearthed

2024 macOS Malware Review | Infostealers, Backdoors, and APT Campaigns Targeting the Enterprise

DPRK IT Workers | A Network of Active Front Companies and Their Links to China

BlueNoroff Hidden Risk | Threat Actor Targets Macs with Fake Crypto News and Novel Persistence

macOS NotLockBit | Evolving Ransomware Samples Suggest a Threat Actor Sharpening Its Tools

macOS Sequoia | What’s New in Privacy and Security for Enterprise?