Phil Stokes, Author at SentinelOne

ReaderUpdate Reforged | Melting Pot of macOS Malware Adds Go to Crystal, Nim and Rust Variants

Phil Stokes & Raffaele Sabato / March 25, 2025

A widespread campaign with binaries written in different source languages, ReaderUpdate presents unique challenges for detection and analysis.

labs

Security & Intelligence

Censorship as a Service | Leak Reveals Public-Private Collaboration to Monitor Chinese Cyberspace

Alex Delamotte, Aleksandar Milenkoski & Dakota Cary / February 21, 2025

Data leak reveals how a top tier cybersecurity vendor helps the PRC enforce content monitoring and manipulation of public opinion in China.

labs

macOS FlexibleFerret | Further Variants of DPRK Malware Family Unearthed

Phil Stokes & Tom Hegel / February 3, 2025

DPRK 'Contagious Interview' campaign continues to target Mac users with new variants of FERRET malware and GitHub devs with repo spam.

labs

2024 macOS Malware Review | Infostealers, Backdoors, and APT Campaigns Targeting the Enterprise

Phil Stokes / January 20, 2025

Learn about the key macOS malware families from 2024, including tactics, IoCs, opportunities for detection, and links to further reading.

labs

Adversary

DPRK IT Workers | A Network of Active Front Companies and Their Links to China

Tom Hegel & Dakota Cary / November 21, 2024

SentinelLABS has identified multiple deceptive websites linked to businesses in China fronting for North Korea's fake IT workers scheme.

labs

Advanced Persistent Threat

BlueNoroff Hidden Risk | Threat Actor Targets Macs with Fake Crypto News and Novel Persistence

Raffaele Sabato, Phil Stokes & Tom Hegel / November 7, 2024

SentinelLABS has observed a suspected DPRK threat actor targeting Crypto-related businesses with novel multi-stage malware.

labs

macOS NotLockBit | Evolving Ransomware Samples Suggest a Threat Actor Sharpening Its Tools

Phil Stokes / October 22, 2024

An unknown threat actor is developing ransomware to lock files and steal data on macOS, and it's not LockBit.

labs

macOS Sequoia | What’s New in Privacy and Security for Enterprise?

Phil Stokes / September 17, 2024

Monday September 16th saw Apple release the newest version of its Mac operating system, macOS 15 Sequoia, and SentinelOne was delighted to announce support for this version of macOS on the day of release.

labs

From Amos to Poseidon | A SOC Team’s Guide to Detecting macOS Atomic Stealers 2024

Phil Stokes / September 12, 2024

Keeping track of the many variants of Atomic Stealer can be a challenge for SOC teams. Our guide breaks down the latest versions.

labs

Security Research

Exploring the VirusTotal Dataset | An Analyst’s Guide to Effective Threat Research

Aleksandar Milenkoski & Jose Luis Sánchez Martínez (VirusTotal) / August 29, 2024

We teamed up with VirusTotal to take a deep dive into the platform's extensive query capabilities through both the web and API interfaces.