🚀 BoostNOI Weekly Recap: ICYMI 🌟 AppWork 🔥 Taylor Avakian 🏗️ Elmington 🏆 Brian Roers 🎯 Top 5 Consulting Firms: 1️⃣ Newmark RF 2️⃣ BC Solutions, Inc. 3️⃣ REdirect Consulting 4️⃣ Brown & Brown 5️⃣ Eng Flanders Group, Inc 📊 PM Spotlight: ZRS Management

🚀 BoostNOI Rising Star: @AppWorkCo AppWork is tackling one of multifamily's biggest operational challenges: maintenance. Shoutout to Sean Landsberg and the team for building a platform that's helping operators modernize maintenance operations and improve resident satisfaction.

JDownloader.org supply chain attack: Hackers exploited CMS vuln to swap Windows/Linux installers with Python RAT & malicious shell code ⚠️📥 Fake sigs (Zipline LLC, Water Team) instead of AppWork GmbH ... SmartScreen flagged them. May 6-7 downloads at risk. Always verify signatures. CMS = new front door. #SupplyChain #Malware #InfoSec hackread.com/hackers-hijack-…

ダウンロードマネージャ「JDownloader」の公式サイトが侵害され、一部のダウンロードリンクがマルウェアへ差し替えられていたとの公表。5月6日〜7日（UTC）の間にWindowsの「代替インストーラー」リンクまたはLinuxシェルインストーラーリンクからダウンロードした場合、正規インストーラーではなく第三者のマルウェアをダウンロードした可能性があるとのこと。正規のインストーラー自体は改変されておらず、サイト上のリンク先だけが書き換えられていたもの。今月はDAEMON-Tools公式サイトでも同様の事案が報告されており、人気ソフトの公式配布経路を狙う攻撃が相次いでいます。 【要点の整理】 ・攻撃の手口はサイトのCMS（コンテンツ管理システム）の未パッチ脆弱性で、攻撃者は認証なしでページや配布リンクを書き換えられる脆弱性を悪用、サーバの基盤やOSレベルへの侵入には至っていないとのこと ・Windows向けに差し替えられたマルウェアはPython製のモジュール型RAT（遠隔操作型マルウェア）で、C2サーバーから受信したPythonコードを動的に実行できる仕組みになっている ・Linux向けはELFバイナリ2本を投下し、片方はSUID-root権限で動作する補助バイナリ、もう片方はPyarmor（Pythonコード難読化ツール）で難読化された本体ペイロード。systemd風のファイル名で偽装したプロファイルスクリプト（/etc/profile[.]d/systemd[.]sh）によりログイン時に自動起動し、プロセス名は電源管理デーモン「upowerd」に偽装する構成 ・影響を受けるのは「代替Windowsインストーラー」リンクとLinuxシェルインストーラーリンクのみで、アプリ内自動更新・macOS版・Winget・Flatpak・Snap・メインのJARパッケージは影響を受けていないとされる ・正規版か否かはデジタル署名の署名者が「AppWork GmbH」であることで判別でき、署名がない場合や署名者が異なる場合は実行しないよう開発元が案内している 該当期間に対象リンクからダウンロードしたインストーラーを実行した端末については、OS再インストールとすべてのパスワード変更が推奨。今月はDAEMON Tools、4月のCPUID（CPU-Z／HWMonitor等）と公式サイト経由のマルウェア配布事案が相次いで報告されており、公式サイトからのダウンロード時にも署名検証が有効な確認手段として挙げられています。ただし、DAEMON Tools事案ではリンク差し替えではなくビルド環境が侵害され、開発元証明書で署名された状態でマルウェアが配布されていたため、署名検証だけでは見抜けないケースもあることに注意が必要です。 詳細は以下を参照： bleepingcomputer.com/news/se… JDownloader公式インシデント告知： jdownloader.org/incident_8.5…

Trust the signature, not the site. The real JDownloader is digitally signed by "AppWork GmbH". If you download an installer and the digital signature is missing or belongs to a random LLC, delete it immediately. Math over trust. #0day #Privacy

‼️🚨 The official JDownloader website was breached, attackers swapped the Windows and Linux installers with malware for over a day before anyone noticed. JDownloader is a popular download manager with millions of users on Windows, macOS, and Linux. Timeline: ▪️ May 5, 23:55 UTC: attacker tests the method on a dummy page. ▪️ May 6, 00:01 UTC: real attack goes live. Alternative download links for Windows and Linux are replaced with malicious installers. ▪️ May 7: a Reddit user notices Windows SmartScreen flagging the installer with a strange publisher ("Zipline LLC", "The Water Team", "Peace Team") instead of "AppWork GmbH". ▪️ Hours later, the JDownloader dev team confirms the breach and takes the site offline. How they got in: an unpatched vulnerability let attackers modify the website's access control list (ACL), give themselves edit rights, and swap the download links. No further details on the bug have been shared. What's compromised: ▪️ Windows installer (alternative download links). ▪️ Linux shell installer (alternative download links). What's safe: ▪️ macOS installers (still validly signed). ▪️ The core JDownloader.jar file. ▪️ Flatpak, Winget, and Snap packages (separate infra, sha256 checksums unchanged). ▪️ In-app auto-updates (separate servers, end-to-end signed). If you downloaded JDownloader from the website between May 6 and May 7, treat your machine as compromised. This is the third trusted-software website breach in recent weeks, after Daemon Tools and CPU-Z / HWMonitor.

The sample is an unsigned outer wrapper that carries the real JDownloader installer as one resource and a second encrypted PE as another resource. The chain looks like this: 1. Unsigned JDownloader-themed wrapper is launched by the user. 2. Wrapper contains a legitimate signed Appwork installer as `BIN1`. 3. Wrapper also contains an XOR-encrypted malicious PE as `BIN2`. 4. `BIN2` decrypts with XOR key `ectb` into a Windows x64 native loader. 5. The native loader contains more XOR-obfuscated resources using key `fywo`. 6. Those resources include a Python 3.14 / PyArmor 8.1.0 payload and runtime. 7. The loader stages Python, writes initial encrypted bot config, and starts the RAT under `pythonw.exe`. 8. The recovered Python payload is an encrypted bot/RAT framework with C2 discovery, DDR fallback, DGA fallback, Tor DDR support, task polling, and arbitrary C2-supplied Python `exec`. 9. The staged DDR list resolves through public Telegraph/Rentry pages to two live C2 URLs: https://parkspringshotel[.]com/m/Lu6aeloo.php https://auraguest[.]lk/m/douV2quu.php

Big week in AI for Real Estate. 8 stories worth your time. Here are the ones I'm watching: 1) REITs went public with their AI numbers at the NYU Schack REIT Symposium. Brixmor cut lease-negotiation timelines 15%. Kimco saved 3 weeks of manual labor processing 200,000 pages during a merger. Eastdil compressed property marketing from 5 weeks to days. We're past experimentation! 2) Giraffe360 raised $10M Series B for AI property marketing. One site visit generates the entire media kit - HDR photos, virtual tours, LiDAR floor plans, video, staging. RE/MAX, CBRE, and BNP Paribas already use it across 26 countries. 3) Musk announced TERAFAB - a $20B joint venture between Tesla, SpaceX, and xAI in Austin. Phase one is 2 million SF. Full build needs thousands of acres. 4) OpenAI leased 450K SF in Mountain View. The entire Ellis Office Campus. AI companies are now the single biggest driver of large-scale office absorption in the Bay Area. 5) Claude sessions surged 1,487%. Hit #1 on the App Store. 6) GrowthFactor raised $5.2M for AI-powered retail site selection. Already at $1M ARR. 7) AppWork raised $7M for AI property management. Maintenance workflows, work orders, technician management. PM is one of the highest-ROI categories for AI right now. 8) Prophetic launched SearchAI Intentions. Developers can now search for land based on what they want to build instead of decoding zoning codes. 23,000 US municipalities digitized at 99% accuracy. D.R. Horton is already on it. Every week I break down what's actually happening in AI Real Estate so you don't have to!

Get the Gig Economy Project newsletter in your inbox for all the latest news on the gig economy in Europe: braveneweurope.com/gig-econo… #GigWork #GigEconomy #PlatformWork #Uber #Unions #Strike #AppWork #OnDemandWork #Workers #Riders #Drivers

Durante la Expo Feria Codopyme, Daniel José Peña, CEO y fundador de APPWORK SRL, presentó DIGIMART, un software 100 % en la nube creado para ayudar a emprendedores y propietarios de pequeñas y medianas empresas a incrementar sus ventas y optimizar sus procesos. La herramienta integra facturación electrónica con la DGII y ofrece una gestión ágil, moderna y segura, convirtiéndola en una solución esencial para la digitalización de los negocios. #ElNuevoDiarioRD

Missed the Gig Economy Project newsletter this week? You can catch-up here: eomail5.com/web-version?p=0f… And to get it in your inbox each week, click here: eomail5.com/web-version?p=0f… #Uber #GigEconomy #GigWork #PlatformWork #Appwork #OnDemandWork #Ridehail #AVs #PlatformEconomy #Work

Missed the Gig Economy Project newsletter at the weekend? You can catch-up here: eomail5.com/web-version?p=50… And to get in your inbox each week, click here: braveneweurope.com/gig-econo… #Lieferando #JustEat #PlatformWork #GigWork #GigEconomy #Work #Unions #Uber #AppWork #Strike #Berlin

Superintent ai backed by the best ✅CIRCLE ✅MICHANISM CAPITAL ✅INFINITY VENTURES CRYPTO ✅GUMI CRYPTO ✅AppWork AND MORE😱 LAKAS NITO GUYS EASY LNG CONNECT WALLET AND COMPLETE TASK TO EARN POINTS mission.superintent.ai/?refe…

Proptech firms have been active in recent weeks. Find the latest news from AppWork, Fetch, Funnel Leasing, igloo, Okibo, SmartRent, TenantCloud, Xfinity Communities, and Yardi. multifamilyexecutive.com/tec…

AppWork @AppWorkCo Raises $13 Million in Series A #SaaS #PropertyManagement #Maintenance #PropertyMaintenance #MultifamilyProperty #MaintenanceOperations #MaintenanceManagement #PropTech #SeriesA #Funding thesaasnews.com/news/appwork…

AppWork, provider of a software platform purpose-built to streamline maintenance operations for multifamily property management teams, raised $13M in Series A funding.

AppWork, provider of a software platform purpose-built to streamline maintenance operations for multifamily property management teams, raised $13M in Series A funding.

AppWork for make ready/work orders/inspections.

🎉 Get Ready For "Sonic & Sodas" In Taipei 🇹🇼 🎶🍹 Join us for an unforgettable evening of networking, innovation, and good vibes, hosted by @0xSonicLabs and @bitskwela 🌐✨ 📍 Location: Appwork 📅 Date: Friday, Dec 13, 2024 ⏰ Time: 5 Pm - 8 Pm (GMT 8) Register 👉 lu.ma/pe025g6x Connect with the brightest minds in #Web3, explore cutting-edge ideas and the upcoming mainnet launch of #Sonic, and enjoy refreshing sodas in a vibrant atmosphere. Don’t miss all alpha news at this exciting event! 🚀 #Sonic #Bitskwela #S