Skip to content(if available)orjump to list(if available)

HN

Ingesting PDFs and why Gemini 2.0 changes everything

Okta Bcrypt incident lessons for designing better APIs

Servo's progress in 2024

Tell HN: Cloudflare is blocking Pale Moon and other non-mainstream browsers

S1: A $6 R1 competitor?

Minimum effective dose

Why is Warner Bros. Discovery putting old movies on YouTube?

It's unlikely that there will be any further releases of mt32-pi

A hexagonal-tiled cartogram for U.S. counties

Avoiding outrage fatigue while staying informed

scientificamerican.com

The FAA’s Hiring Scandal

tracingwoodgrains.com

Running ArchiveTeam's Warrior in Kubernetes

gabrielsimmer.com

The Language Construction Kit

Gemini 2.0 is now available to everyone

20k federal workers take "buyout" so far, official says

Andrej Karpathy: Deep Dive into LLMs Like ChatGPT [video]

The familiar loneliness of the Kinetoscope

resobscura.substack.com

Eggs US – Price – Chart

tradingeconomics.com

DARPA solicitation for the Active Social Engineering Defense program (2017)

Ploomber (YC W22) Is Hiring Engineers (Infra, Backend, Growth) and Ex-Founders

ycombinator.com

News from Scroll 5

scrollprize.substack.com

Software development topics I've changed my mind on

Ask HN: Do you know travel blogs that have animated SVG maps of their travels?

Show HN: PulseBeam – Simplify WebRTC by Staying Serverless

OCR Crypto Stealers in Google Play and App Store

OCR Crypto Stealers in Google Play and App Store

4 comments

·February 5, 2025

mrighele

> We found Android and iOS apps, some available in Google Play and the App Store, which were embedded with a malicious SDK/framework for stealing recovery phrases for crypto wallets.

Wasn't the walled garden model supposed to protect from this ?

dghlsakjg

Only if the guards you hire know what they are doing.

If you have ever been through the app review process, you know that it is opaque, flawed, and clearly being run by inexperienced or overworked people who just don't have time to do anything remotely resembling a security audit.

Terr_

All of the fees, none of the work.

fortran77

It's written in Rust:

> The malware, which we dubbed “SparkCat”, used an unidentified protocol implemented in Rust, a language untypical of mobile apps, to communicate with the C2.

So all the Hacker News folks will probably think it's great.