pull down to refresh

338 sats \ 4 replies \ @k00b 21 May \ parent \ on: Wallet-stealer malware on macOS: here’s what I built to solve it privacy

This

don’t want to publish something half-baked

and

I actively invite people to tear it apart, reverse it, or even audit it however they want

are inconsistent with each other.

No one should download this. You're an internet anon making promises about what happens after a leap of faith is already taken.

write
preview
0 sats \ 3 replies \ @panicsell OP 21 May

No promises - if you don’t feel safe, definitely don’t install. I’ll work on getting a minimal version open sourced ASAP. Until then, treat it like a curiosity or don’t touch it at all.

Main reason for closed-source: I’m paranoid about leaking stuff that could be exploited, and the code is still a mess. I plan to open-source once the core is stable and not embarrassing.

reply
33 sats \ 1 reply \ @ek 21 May
I’m paranoid about leaking stuff that could be exploited

You said it works offline. From your site:

Works Offline: Core protection features function perfectly without an internet connection.

So what could there be to exploit?

I plan to open-source once the core is stable and not embarrassing.

You're too embarrassed to show your code, but you're not too embarrassed to ask people to trust you with a tool that probably requires root access?

ShieldKey monitors file access, blocks malicious sites/extensions, checks network connections, and guards system files—all in real-time, locally on your Mac.
reply
0 sats \ 0 replies \ @panicsell OP 21 May

Fair enough. Not open-sourcing from day one isn’t about hiding anything malicious; it’s just me being a perfectionist about code quality and avoiding ‘script kiddie’ exploits while things are still raw. No one should trust a new closed-source security tool, especially one that touches wallet files.

If anyone wants to audit or review, I can provide limited source or walkthroughs privately for now. Full open source is the plan after v1 beta feedback and tightening up anything stupid I missed as a solo dev.

Not trying to ‘hide’ - just not ready to defend half-baked code in public yet. If that’s a dealbreaker, 100% respect that, app’s not for you (yet).

reply
0 sats \ 0 replies \ @itsrealfake 26 May

Craigslist has a "Best Of" feature, where users can submit any page on the site as an example, along with a description of why they think it is so great.

I would submit this comment as the best of example for dyor.

It's comically dangerous to do this type of research on your personal computer. Please, please be careful.

reply