vx-underground

02 Aug 2024 01:47

Exciting news.

1. Thanks to JaffaCakes118 and Neiki we are now collecting roughly 20,000 unique malware samples a day. Some days we break 30,000 samples. Thanks to them, petikvx, and virussign we are now ingesting over 1,000,000 samples a month. Yay!

2. This is actually pretty expensive. Ingesting, compressing, archiving, and distributing this much malware, on top of the normal traffic vx-underground receives, brings our current monthly web traffic average to 270TB – or 3.24PB of web traffic a year. Thank you to our friends at Cloudflare who have helped us so much with this traffic load.

3. Thank you to everyone who donates and sponsors us. This isn't an easy task while charging $0.00. Thank you to our largest financial contributor, Malcoreio and our largest monthly donor, TorGuard. A special thanks to our largest individual donor HackingDave.

vx-underground

02 Aug 2024 01:32

RansomHub ransomware group claims to have ransomed text/html; charset=utf-8

ÿÿJW®br잝Pu5o*n·a↓ ⁿΓm╬▄à%^û♫}┬3?

vx-underground

01 Aug 2024 06:54

Join the club. We also have no idea what the fuck we're doing.

vx-underground

01 Aug 2024 04:15

Bonus: your homie hits you up on AIM, or Yahoo, or MSN, and tells you about how excited they are for Tony Hawk's Underground

vx-underground

31 Jul 2024 20:01

Which cat poses the biggest security threat to your organization?

vx-underground

31 Jul 2024 04:49

"I've just gotta lock in", says IT professional on verge of suicide

vx-underground

31 Jul 2024 01:43

We had to convert USD and real-world value things into Robux because some of our younger audience members don't seem to comprehend the vastness of this stolen money.

They do however seem to understand Robux because that's the only exposure they've ever had to economics.

vx-underground

31 Jul 2024 00:45

vx-underground Roulette:

A binary which generates a random number using a seed you provide. If an even number is generated, you win. If an odd number is generated, a random binary payload off the VXDB is detonated on your machine.

vx-underground

30 Jul 2024 19:34

A few days ago Fortune magazine did an article about Ferrari disclosing an attempted cybersecurity breach via social engineering.

tl;dr social engineering using ai / deepfake voice

Sometime earlier this month (July, 2024) a Ferrari executive began receiving unusual text messages from an individual impersonating Ferrari Chief Executive Officer Benedetto Vigna.

Interesting, the impersonator called the (unidentified, target's name was not disclosed publicly) executive. The caller is suspected to have used AI and/or deepfake technology to mimick Benedetto Vigna. The unidentified executive stated the tone, the language, and the accent were perfect. However, some of the language seemed unusual. The executive then asked the impersonator: "Sorry, Benedetto, but I need to identify you. What was the title of the book you had just recommended to me a few days earlier?"

The individual, unable to answer the question, terminated the phone call.

This is one of the first major, and publicly disclosed, social engineering attempts via AI / deepfake technology that we're aware of. The Threat landscape is slowly shifting (as is tradition).

vx-underground

29 Jul 2024 15:54

A few days ago we were alerted to Roblox 'cheaters' (we're using that term loosely) being impacted by malicious code in their 'cheat tool'.

tl;dr malicious script is malicious

The tool being used by Roblox nerds, Wave Executor, executes scripts. In the event a user intentionally, or accidentally, executes a malicious payload, then of course it is going to be malicious.

If you ran a malicious powershell script would you be surprised it was malicious? If you copy-pasted a malicious Python script into IDLE and executed it, would you be surprised it's malicious?

The screenshot circulating is not indicative of some ultra-1337 Roblox cheat exploit – the user, or proof-of-concept developer, detonated a malicious script. The primary security threat posed to Roblox nerds is, as previously stated, nerds accidentally detonating malicious scripts. We don't expect a script-runner tool designed for Roblox to attempt to determine whether or not something is malicious.

Just be careful copy-pasting code into your script-thingy – or don't, whatever.

vx-underground

28 Jul 2024 20:17

Every Sunday all vx-underground staff members meet up in a discrete location and play the all-time American video game classic: Burger King: Sneak King

vx-underground

28 Jul 2024 03:58

It's been 5 years and this is still an on-going gag.

vx-underground

28 Jul 2024 03:31

Thank you for the kind words

vx-underground

27 Jul 2024 08:46

Never imagined so many angry people because of a type of music. It's extremely confusing.

vx-underground

27 Jul 2024 01:23

vX-uNdErGroUnD hOw cOuLd u LiKE THiZ tRaSg muSiC it"s SaTanIC

> Logo is a 16bit computer with a pentagram.
> Website, artwork posted – all 'edgy' and 'dark'.
> Malware
> Half of us are weirdo hottopic mall goths
> Other half looks homeless

What did you seriously expect?

vx-underground

02 Aug 2024 01:32

It's either that or our parser is broken 🤔

vx-underground

01 Aug 2024 22:32

Today the United States, the Russian Federation, and Germany did a prisoner swap.

Most notably:

Roman Seleznev a/k/a Track2, is being returned to the Russian Federation. Seleznev was a prominent member of carder-dot-su. Seleznev developed automated systems for systemic identity theft and credit card fraud. He is estimated to have stolen over $50,000,000

Vladislav Klyushin, is being returned to the Russian Federation. Klyushin was a notorious hack-to-trade fraudster. He and his group compromised organizations to get perform pseudo-insider-trading which resulted in profits over $93,000,000.

Videos released today via the Kremlin shows President Vladimir Putin greeting prisoners as they set foot on Russian soil once again. Here is the clip of Roman Seleznev shaking hands with Vladimir Putin.

vx-underground

01 Aug 2024 06:46

POV: You just joined a Telegram chatroom and you haven't even typed a single word yet

vx-underground

01 Aug 2024 04:13

POV: It's 2003, you're in your bedroom, you just limewire'd some totally cool new music, you're working on your xanga profile, and disrespecting people registering on myspace

vx-underground

31 Jul 2024 17:27

We are happy to announce that finally, after harddrive purchasers waiting 4.5 months, we have received all of the harddrives from the manufacturer.

Moving forward we're going to completely redo how we handle shipping goods because 4.5 months is ridiculous.

Pic unrelated

vx-underground

31 Jul 2024 02:51

We gotta start making more money some how because we're about to be sharing so many samples daily it'll literally cripple us financially 😂😂😂

vx-underground

31 Jul 2024 01:40

Zscaler's ThreatLabz 2024 ransomware report shows confirmation of DarkAngels ransomware receiving the largest ransomware payment in history: $75,000,000

To put that into perspective: someone could buy 524 2024 Mercedes-Benz G Wagons with this money

or buy 6,000,000,000 Robux...

vx-underground

30 Jul 2024 19:35

Full article (paywalled): https://fortune.com/2024/07/27/ferrari-deepfake-attempt-scammer-security-question-ceo-benedetto-vigna-cybersecurity-ai/

vx-underground

29 Jul 2024 16:10

In September we will be doing a fundraiser. We will be auctioning away 5 limited-edition holographic vx-underground Yu-Gi-Oh cards.

We only have 5.

vx-underground

29 Jul 2024 15:24

Updates to vx-underground:

Papers:
- 2023-12-11 - Mustang Panda’s PlugX new variant targetting Taiwanese government and diplomats
- 2024-01-05 - AsyncRAT loader: Obfuscation, DGAs, decoys and Govno
- 2024-03-22 - Large-Scale StrelaStealer Campaign in Early 2024
- 2024-04-02 - Updated StrelaStealer Targeting European Countries
- 2024-06-21 - AmberAmethystDaisy to QuartzBegonia to LummaStealer
- 2024-06-24 - StrelaStealer Resurgence: Tracking a JavaScript-Driven Credential Stealer Targeting Europe
- 2024-07-10 - DodgeBox: A deep dive into the updated arsenal of APT41 (Part I)
- 2024-07-11 - Brief technical analysis of the Poseidon Stealer
- 2024-07-11 - ClickFix Deception: A Social Engineering Tactic to Deploy Malware

Families:
- ZeroT
- FlokiBot
- PlugX
- RockLoader
- StealC
- Vidar
- SmokeLoader
- Socks5Systemz
- Redline
- Enigma
- DowneksLoader
- BabadedaLoader
- BartRansomware
- Amadey
- ATMitch

vx-underground

28 Jul 2024 16:46

Good morning, afternoon, or night.

Today is the day of the rest. It's been quite a week, lots of crazy stuff happening. We hope all of you had a good week, weekend, and are enjoying your Sunday:)

Love you, see you tomorrow:)

vx-underground

28 Jul 2024 03:41

Based on this message we received, and another subsequent message sent to us, it appears some people believe we are transgender (we're a group, so it's kind of confusing), and us praising Gojira at the Olympics means we are satanic pedophiles (???)

vx-underground

27 Jul 2024 17:14

We got a DMCA strike for sharing footage of the Gojira performance.

Lame.

Anyway, back to malware stuff

vx-underground

27 Jul 2024 08:44

We're witnessing people complain in droves because of us praising the recent appearance of Gojira at the Olympics.

Unapproved:
Praising Gojira for their performance at the Olympics

Approved:
Communicating with internationally wanted criminals

vx-underground

27 Jul 2024 01:08

This isn't breaking news. But when we saw this we lost our minds.

France is cool and badass.