Feed The Platypus Mac OS


News sites and blogs refresh their content every hour. If you aren't using RSS feeds to consume that content, you're in for a treat: they save you time and data by letting you consume all kinds of content from a single app. Of course, the dedicated apps from media organizations are nice, but what if you're only interested in Markets, Business, Sports, or a combination of a few topics?

So instead of opening several tabs or keeping a handful of news apps, RSS feeds from multiple sources allow you to enjoy content in a single app.

RSS (Really Simple Syndication) feeds mostly fetch the title, photo, and some text (at times the full article) and let you read them without distractions. So you can follow the latest updates of your favorite blogs and websites all in one place instead of having to visit multiple sites on your Mac.

Here's a compilation of the best 5 RSS news reader apps that we found extremely useful.

Darwin is the core operating system of Apple Inc.'s Mac OS X, and runs on an open source kernel called XNU. Apple first released it to the open source community in 2000. Darwin integrates a number of technologies, most importantly the Mach 3.0 kernel, operating system services based on 4.4 BSD (Berkeley Software Distribution, particularly FreeBSD), high-performance networking facilities,.

Platypus is a developer tool for the Mac OS X operating system. It can be used to create native Mac OS X applications from interpreted scripts such as shell scripts or Perl and Python programs. This is done by wrapping the script in an application bundle directory structure along with an executable binary that runs the script.

Note: We've used these apps on macOS 11 Big Sur public beta and they worked without any issues. The screenshots were captured with macOS in dark mode.

1. NetNewsWire

NetNewsWire is a free, open-source RSS feed reader app, and I bet you've heard of it when looking for a dedicated RSS feeds app. The app's recent version delivers a fast and reliable RSS news reading experience. RSS feed enthusiasts can link their Feedbin account, which comes with a paid subscription.

And the Feedly users can keep their read items synced across devices as well. It does come with a handful of sources, and you can always import the OPML file from elsewhere.

Its two-column, single pane interface will remind you of apps like MS Outlook. So will most apps on this list. Using a lot of keyboard shortcuts with the spiffy experience is fun. So is tinkering with a bevy of customizations and power-packed search. The only place this app falls short is the capability to share a few things. So if you seek an open-source app that you'll customize later as per your convenience, then NetNewsWire checks most of the right boxes.

Get NetNewsWire

2. Reeder 5

Freshly updated Reeder 5 carries one of the most polished interfaces of all the available RSS readers. The iPhone users will love the new iCloud sync feature to use it with their Macs.

Note: The screenshot is of Reeder 4 and it was taken before Reeder 5 was released.

Previously, the major updates took a while, and you should be thankful that they did. The developers proactively roll out app updates immediately after the new iOS version drops.

Read Later and Mark As Read on scroll will be extremely convenient for the prolific readers who prefer RSS feeds to consume news. And it only gets better with a bouquet of support for third-party services like Feedbin, Feedly, FeedHQ, NewsBlur, Instapaper, Pocket, and others. Of course, you can always import the OPML file from other services. If you love polished interface and animations, then you'll have to buy Reeder 5 from the Mac Store for $9.99.

Get Reeder 5

3. ReadKit

ReadKit serves as a perfect no-nonsense newsreader app with support for several Read it later services like Instapaper, Readability, and Pocket. Either of these services can really help you organize the long-form or other content that you wish to read later at peace. Alternatively, you can star them as well.

The Smart Folder option lets you manage and organize your feed subscriptions into meaningful subjects and categories. For instance, I've sorted mine into Android, Apple, Gaming, and so on. Wondering how to add your feeds collection? Well, ReadKit supports a host of RSS feeds subscription services like Feedly, Feedbin, NewsBlur, Feed Wrangler, and even Fever.

Okay, I saved the best for the last - Focus mode and Search (self-explanatory). The Focus mode hides all the columns with folders and turns the window into a full screen to read the article. ReadKit is available for $9.99 from the Mac App Store.

Get ReadKit

4. News Explorer

One of the strong points of the News Explorer app is that it supports synching content from RSS, Atom, JSON, and even Twitter feeds. On top of that, it also supports Podcast RSS feeds so that you don't miss out on your favorite podcast episodes.

That's why News Explorer is my go-to RSS reader to catch up on Podcasts while I read and scroll through several feeds from different sources. While it offers most features for customizing views and managing sources, there's one more reason to prefer News Explorer.

The app costs $9.99 if you want to purchase it from the Mac App Store. However, if you buy SetApp's monthly subscription for the same amount, you get News Explorer and several other paid apps for free - all included in the subscription amount. I think that's a pretty good deal if you just want to try out several paid apps for a month and then continue the subscription if you wish. So this app best suits folks looking for that value-for-money quotient with paid Mac apps.

Get News Explorer from SetApp

5. Feedly

The Feedly app looks like a browser-wrapped version of its online app but for Macs. So why is it on this list? Well, if the above four apps couldn't convince you, then Feedly is the best option to start.

It offers several popular RSS sources categorized by subjects - Technology, Startup, Business, Sports, Health, and more. So you pick the category that interests you and then select the sources that offer RSS feeds.

While the free version should work for most users, Feedly Pro for $6 per month bundles more feed sources, lets you share over social networks, copy content to note-taking apps, and more. The Pro+ plan costs $8.25 per month and includes Leo, an AI-powered digital assistant that tweaks and prunes your collection to remove duplicates, classifies updates by topics, adds mute filters, summarizes, and more.

Get Feedly

To Read or Not

After Google Reader shut down, I moved the OPML file of the RSS feeds to Feedly, which really helped to subscribe to many similar sources and get rid of infrequent or overlapping ones. As a recovering RSS reading fan, I now prefer the ones with Read It Later services baked inside.

Most other apps on this list support a Feedly account. So transferring your curated lists and sections from Feedly to another app will be quite a breeze. Meanwhile, a shoutout to Netscape for gifting the world RSS to manage the information overload. So which RSS news feed readers do you use on your Mac, iPhone, Android, or Windows PC?



The above article may contain affiliate links which help support Guiding Tech. However, it does not affect our editorial integrity. The content remains unbiased and authentic.


There is no denying that MacOS users experience fewer malware attacks than Windows and Android users. However, the assumption that Apple's security is bulletproof is only a myth. In reality, MacOS-powered devices face security risks just like Windows and Android ones.

We at K7 Threat Control Lab recently observed a few MacOS applications available in the wild capable of delivering a Python payload on execution. Masquerading as legitimate apps, these malicious apps are developed using Script-to-App tools such as Platypus and Apple Automator and are intent on delivering their payloads.

By reverse engineering the app code we found that the malware authors develop these apps using off-the-shelf tools like EmPyre. For those who are unaware, EmPyre is a Python-based post-exploitation tool designed for MacOS and Linux-based agents. Its communication control flow is based on the structure of an empire, and is actually quite similar to the post-exploitation framework for Windows.

During the study, we found the attackers are feeding the script from EmPyre to Script-to-App tools for producing an application package out of it.

In this blog we throw some light on a few such Script-to-App generator tools and the malicious payloads they deliver.

Figure 2 shows the decoded Python script delivered by these “!(Legit)” apps.

Case Study 1: Platypus Case

In our first case study, the malware author created a fake Mac app using Platypus and an EmPyre Python script. The malicious app masquerades as a legit app named “Letgo”. The fake Letgo version carries a digital signature as well to dodge MacOS’ Gatekeeper security layer.

Once executed, the app prompts a look-alike login screen. If victims log in with their credentials, the app displays the following fake error message: “We could not sign you in. Your account may be undergoing provisioning, which could take up to 24 hours if this is your first sign-in.” However, in the background the Python payload gets executed.

Disassembling the main OSX executable file, we find the class dubbed ‘ScriptExecController’, which executes the script embedded in the resource directory.

The bash script, initially in base64-encoded format, once decoded and executed performs the following actions:

  • Render the HTML code to display the fake Letgo login.
  • Execute a Python script with a malicious payload to take control of the system

Upon extracting metadata information, we find the string ‘Platypus-5.2’ in a property list file called appsettings.plist. This helped us identify the tool used to create the application package in the first place. As mentioned earlier, the Platypus tool is used to create applications from a script file.

Actually, Platypus is a developer tool to create native Mac applications from command line scripts such as shell scripts or Perl, Ruby and Python scripts. The process wraps the script in a MacOS application bundle along with an executable binary responsible for running the script.

Similar to Platypus we also found another tool called ‘Apple Automator’ manipulated in this fashion.

Case Study 2: The Curious Case of Apple Automator

As in the previous case study, we found another malware sample camouflaged as a legit app, but this time called “Discord”. The malware is developed using Apple Automator, a built-in tool for MacOS users for automating complex tasks. The malware author did a rather shoddy job of trying to spoof the Discord app by not even bothering to change the icon to match that of the real app.

The app comes with a malicious script written in Python inside an XML file called document.wflow. Generally, wflow files contain one or more actions to automate. One of the actions, in this case, was “Run Shell Script” which runs the encoded script.

Code Snippet:

Alongside executing the Python payload, the app also creates a unique ID for each victim based on their Mac hardware ID. It takes a screengrab and uploads it to the Command-and-Control server. This step gives us a hint that the malware author might use the information in the future in a Malware-as-a-Service context. We found our sneaking suspicion to be correct when we found a lookup option embedded on the Command-and-Control server. Upon clicking the call-to-action, an input box prompts us to enter a victim’s ID to display the respective screenshot.
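The two builder fingerprints described above (the ‘Platypus-’ string in appsettings.plist and a “Run Shell Script” action in document.wflow) can be checked during triage. The following is an added example, not K7's tooling or code from the original post; it assumes the Platypus script sits in a file named `script` beside the plist and that Automator stores the shell command under a `COMMAND_STRING` key, and `make_sample` builds a constructed, harmless bundle.

```python
import base64, plistlib, re
from pathlib import Path

TRAITS = {"base64-stage": r"base64|b64decode", "runs-python": r"\bpython",
          "little-snitch-check": r"little snitch"}  # traits the article describes

def strings(node, key=None):
    """Yield (key, value) for every string nested anywhere in a parsed plist."""
    if isinstance(node, str):
        yield key, node
    elif isinstance(node, (dict, list)):
        items = node.items() if isinstance(node, dict) else ((key, v) for v in node)
        for k, v in items:
            yield from strings(v, k)

def expand(text):
    """Return text plus the decoded form of every base64 blob inside it."""
    out = [text]
    for blob in re.findall(r"[A-Za-z0-9+/]{40,}={0,2}", text):
        try:
            out.append(base64.b64decode(blob, validate=True).decode())
        except ValueError:  # not base64, or not text once decoded
            pass
    return "\n".join(out)

def triage_bundle(app):
    """Name the script-to-app builder behind a bundle and flag script traits."""
    builder, scripts = None, []
    for p in Path(app).rglob("*"):
        if p.name.lower() == "appsettings.plist":
            vals = [v for _, v in strings(plistlib.loads(p.read_bytes()))]
            builder = next((v for v in vals if v.startswith("Platypus-")), builder)
            if p.with_name("script").is_file():  # assumed Platypus script name
                scripts.append(p.with_name("script").read_text(errors="replace"))
        elif p.name.lower() == "document.wflow":
            cmds = [v for k, v in strings(plistlib.loads(p.read_bytes())) if k == "COMMAND_STRING"]
            if cmds:
                builder, scripts = "Automator", scripts + cmds
    text = expand("\n".join(scripts))
    return {"builder": builder,
            "flags": {n for n, rx in TRAITS.items() if re.search(rx, text, re.I)}}

def make_sample(root):  # constructed, harmless stand-in for a Platypus bundle
    (res := Path(root, "Sample.app/Contents/Resources")).mkdir(parents=True)
    (res / "AppSettings.plist").write_bytes(plistlib.dumps({"Creator": "Platypus-5.2"}))
    inner = base64.b64encode(b"# constructed: look for Little Snitch, then exit\n").decode()
    (res / "script").write_text(f"echo {inner} | base64 --decode | python\n")
    return res.parents[1]
```

The `little-snitch-check` flag only appears because `expand` decodes the embedded blob first, which is why the encoded stage has to be unwrapped before any string matching.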

The Attack Scenario

Stage One

Digging further, we found that the Python payload checks whether a host-based Mac firewall called ‘Little Snitch’ is installed on the system. If Little Snitch is found, the process terminates. Otherwise it connects to the Command-and-Control server and downloads an encrypted payload. The hardcoded decryption code is generated using the open source tool EmPyre.

Stage Two

After successfully decrypting the second stage payload, the system is compromised and made available to the remote attacker. The delivery scripts are as follows:

  • Get_sysinfo.py (gathers system information)
  • Rc4.py and aes.py (used in encrypted communication)

Exploring the EmPyre tool

The below image shows the payload generated by the EmPyre tool, which is a bash script in this case. Attackers feed the generated script into tools like Platypus to create an application package, which is more convenient for malware delivery than distributing scripts.

Once the attacker takes over the system, they can use any module of EmPyre to carry out various malicious activities such as accessing the webcam, mail lookup, dumping user credentials from Apple's password manager app “KeyChain” and taking screengrabs. The following images show the various modules available especially for MacOS-powered machines.

The attackers have been flying under the radar even though they used existing exploitation frameworks, because the initially delivered application package didn't contain the malicious code in the main Mach-O binary.


Besides, the application is also capable of evading Intrusion Detection Systems (IDS) or Intrusion Prevention Systems (IPS), as these technologies detect only the defaults given by the exploitation framework. Any small tweak to the default output can help them evade IDS/IPS.


IOCs


  • (Discord.app)
    ef97fe87b252e75be5d8de1aea8909b362a522a52695e20ae7b55a1d4be43906
    – Trojan ( 0001140e1 )

  • (Letgo Benefits)
    6acae6f86eb4cc11c4fcf6870fb72aaa8493a50c9a5715f79297ee2fb0eab1ad
    – Trojan ( 0001140e1 )

  • (Adobe Zii.app)
    ebecdeac53069c9db1207b2e0d1110a73bc289e31b0d3261d903163ca4b1e31e
    – Trojan ( 0001140e1 )