vx-underground

12 Apr 2024 23:01

Hello, how are you?

Harddrives are back in stock. Merch store is back open for a limited time.

https://www.vx-underwear.org/

vx-underground

12 Apr 2024 17:30

We did a spam test on Twitter. We got 21 spam replies in 30 seconds. It keeps climbing.

https://twitter.com/vxunderground/status/1778807528417116177

vx-underground

12 Apr 2024 17:09

> wake up
> check news
> 0day exploited in the wild
> scroll down
> police offices being ransomed
> ransom group threatening to leak data on rape victims
> scroll down
> "nudes in bio"

Happy Friday.

vx-underground

12 Apr 2024 05:13

We've also distributed complete copies of our collection to people all across to globe. In the event that every single person with access to vx-underground dies in a horrific airplane crash – someone will be able to continue our legacy.

Cheers

vx-underground

12 Apr 2024 05:02

We've updated the vx-underground Windows and Linux malware paper collection.

Goodnight (or good morning?)

See full list of additions here: https://vx-underground.org/Update%20Notes

vx-underground

10 Apr 2024 14:19

Google has announced 'Chrome Enterprise' with two tiers available: Core and Premium.

It will allow administrators to control functionality of the browser and have enhanced security controls. See attached image for more details.

vx-underground

10 Apr 2024 07:53

No seriously, it's real

https://play.google.com/store/apps/details?id=ai.bebra.android.client

vx-underground

09 Apr 2024 22:31

Lord have mercy 🙏😭

vx-underground

09 Apr 2024 22:10

Shoutout to the homies at University of Virginia for the free Robux.

They also helped find viruses on our computer. They said they'll fix it if we call +1-877-339-0559

Blessed 😭🙏

vx-underground

09 Apr 2024 15:04

We expect Harvard and Stanford to give us PhDs in Computer Science for our thesis on free robux

vx-underground

09 Apr 2024 07:11

Url: https://stanford.edu/group/designx_lab/cgi-bin/mainwiki/index.php/(Premium)_Roblox_Gift_Card_Generator_2023_No_Human_Verification_Working

vx-underground

08 Apr 2024 23:18

Unrelated to malware, but potentially relevant to people who go outside

vx-underground

08 Apr 2024 15:03

Good morning, afternoon, or night.

Today we mailed out the remaining vx-underground collection harddrives. It was sent to 6 people.

To those people: during packaging we discovered some sort of mysterious goo on the harddrive boxes. We do not know what it is. It is mysterious.

vx-underground

08 Apr 2024 07:17

Sugargoo, a competitor to PandaBuy, has allegedly been compromised. Individuals operating under the monikers "IntelBroker" and "Sanggiero" are claiming responsibility for the breach.

- The data they claim to have exfiltrated is primarily user activity and settings. However, the data does include the users email address. The data stolen is not nearly as severe as the PandaBuy breach

- The data has not been made public. The individuals responsible for the breach are trying to sell the data.

- IntelBroker and Sanggiero are the same individuals who compromised PandaBuy

- In a twist of fate, the breach was mostly unnoticed until Sugargoo administrators began timing-out people from their Discord who questioned staff members on the breach. This resulted in more people discussing the issue.

Thank you, Faderz for sharing the screenshot with us as proof.

vx-underground

08 Apr 2024 06:43

Earlier today (or yesterday depending on where you live) RansomHub ransomware group listed Change Healthcare – an organization which was previously ransomed by ALPHV ransomware group.

If you're not familiar with the ... 'lore' ..., it should probably be noted that Change Healthcare did pay (although they deny it, but transaction details discovered by researchers indicate otherwise) and upon receiving roughly $22,000,000 from Change Healthcare ALPHV administration pulled an exit scam.

Under normal circumstances ALPHV administration group receives roughly 20% of the ransom payment (depending on various factors) and the remaining 80% of the ransom money goes to the person (or persons) responsible for deploying the ransomware on the victim organization. When ALPHV received $22,000,000 they did not pay the affiliate their 80% cut. They just left.

This left many researchers wondering: what happened to the data? Will Change Healthcare be extorted again?

Well now, assuming RansomHub is telling the truth, we know the answer. Besides listing Change Healthcare on their site, they also briefly explained that they now have the Change Healthcare data, so they're extorting Change Healthcare again.

However, it is not clear if RansomHub is a rebrand of ALPHV ransomware group, the affiliate at ALPHV is moving to RansomHub, or if this is a scam by RansomHub ransomware group trying to intimidate Change Healthcare into paying again.

We have not investigated the current Change Healthcare listing on RansomHub's website to indicate if this is a scam.

If we had to guess, we would guess the ransomware affiliate from ALPHV simply moved over to RansomHub and want to collect their approx. $17,600,000 they believed they're due.

¯\_(ツ)_/¯

Special thanks to Dominic Alvieri for sharing the RansomHub explanation post with us.

vx-underground

12 Apr 2024 19:35

The spam bots are recursively replying to each other because their spam messages contain key words other spam bots use

tl;dr spam inception

https://twitter.com/rosenwells/status/1778809976930115626

vx-underground

12 Apr 2024 17:16

> Elon Musk vows to crack down on porn spam
> record scratch
> window breaking noise
> Stone Cold Steve Austin music plays

vx-underground

12 Apr 2024 08:49

Someone tried to community note us over a meme.

vx-underground

12 Apr 2024 05:11

Unbelievably, upon review, we realized we have crossed off ALMOST our entire to-do list. It only took 4 years and 11 months.

- 36,000,000+- malware samples
- 19,852 papers
- 38,793 APT papers and/or samples
- 3,206 malware sources
- VXDB developed and implemented

vx-underground

10 Apr 2024 14:59

Today we learned Hatching Triage introduced Android sandboxing for Android malware... 4 years ago.

We never sync'd Android malware because we didn't know that functionality existed in Triage 😂😂😂

vx-underground

10 Apr 2024 10:50

"Have you ever accidentally detonated malware on your main machine?"

Yes, and it was like this

vx-underground

10 Apr 2024 06:29

This is real. Also, we don't trust it

vx-underground

09 Apr 2024 22:28

Fighting the temptation to keep meme-ing universities with free Robux malspam

vx-underground

09 Apr 2024 15:54

Some people thought the Robux thing we tweeted was an actual way to get Robux for free 😭😭😭😭

You're now banned from the internet. Forever.

vx-underground

09 Apr 2024 07:15

Shoutout to the homies at Harvard for the free Robux. Coming in clutch to help us get some new drip

vx-underground

09 Apr 2024 07:10

Shoutout to the homies at Stanford for helping us get free Robux 🙏🙏🙏

vx-underground

08 Apr 2024 18:38

tl;dr ALPHV affiliates just moved to RansomHub

vx-underground

08 Apr 2024 07:23

tl;dr if your company has allegedly been compromised, do not start banning, or timing out people, who are asking questions about it. It only fuels the fire and makes the questioning and rumors more ferocious.

vx-underground

08 Apr 2024 07:00

Security researcher Jonas Lyk has found a DoS vulnerability in Discord.

If you try to paste the string "http://./\<#0>: ://./<#0>" into Discord it will crash

¯\_(ツ)_/¯

vx-underground

08 Apr 2024 05:58

The organizations listed below were victims of the now defunct ALPHV ransomware group.

Why is it being listed? Possibilities:

- ALPHV has secretly been administrating RansomHub
- ALPHV affiliates have moved to RansomHub
- ALPHV leaked data to RansomHub
- It's a scam