14367
The largest collection of malware source, samples, and papers on the internet. Password: infected Website: https://www.vx-underground.org/ vx-underground Telegram chatroom link: https://t.me/+njfLzUrqos01ZWNh
Today following the CSS injection discovered by cloud11665, internet nerds also discovered you can do CSS injection on the issues tab.
The attached link is defanged. Someone did a CSS injection on a raised issue, which resulted in the issue being essentially hijacked. When the link is clicked it quickly flashes in black & white a Discord invitation link.
This could potentially pose an issue to individuals who suffer from epilepsy.
Link if you're curious what it looks like:
hxxps://github.com/tukaani-project/xz/issues/92
Today on the Microsoft blog the Vice President of Windows and Devices, Pavan Davuluri, released new information & updates on Microsoft Recall citing that they 'have heard feedback' on Microsoft Recall and have decided to make some changes to how it operates.
- You can now choose whether or not you want Recall active during installation. It is no longer active by default
- "Windows Hello" enrollment is now required to enable Recall. A "proof-of-presence" is required to view and search Recall
- Recall is now implementing additional layers of protection – it is decrypted in-real-time with Windows Hello Enhanced Sign-in Security (ESS). Data is only decrypted when a user authenticates it. Search index is all encrypted.
They've also introduced more management features of administrators of corporate or enterprise environments.
Thanks to CyberCakeX for sharing this with us.
More information: https://blogs.windows.com/windowsexperience/2024/06/07/update-on-the-recall-preview-feature-for-copilot-pcs/
We've updated the vx-underground Malware Analysis paper collection
- 2024-01-24 - Layers of Deception: Analyzing the Complex Stages of XLoader 4.3 Malware Evolution
- 2024-02-19 - Pelmeni Wrapper: New Wrapper of Kazuar (Turla Backdoor)
- 2024-03-26 - Comprehensive Analysis of EMOTET Malware: Part 1
- 2024-04-13 - Analysis of malicious Microsoft office macros
- 2024-04-22 - Analyzing Forest Blizzard’s custom post-compromise tool for exploiting CVE-2022-38028 to obtain credentials
- 2024-04-29 - How to unpack Death Ransomware
- 2024-05-01 - “Dirty stream” attack: Discovering and mitigating a common vulnerability pattern in Android apps
- 2024-05-08 - APT28 campaign targeting Polish government institutions
This is the 2nd time this week proprietary information has been leaked onto 4chan. A few days Club Penguin files were stolen from Disney's internal network and leaked onto 4chan.
Читать полностью…
vx-underground harddrive purchasers: we have received 10 harddrives for cloning. However, Western Digital has some how lost the other 10 (???)
Читать полностью…
Security Researcher Alexander Hagenah has developed a proof-of-concept which programmatically extracts data out of Microsoft Recall
Microsoft said it would be safe, but as is tradition, it was beaten with a stick before it was even fully deployed
https://github.com/xaitax/TotalRecall
no such thing as a bad program, just a bad author
Читать полностью…
Who the hell do you think we are, Telegram? Now people are seeing an 'OG' username advertisement 😭
Читать полностью…
Full article and source: https://www.forbes.com/sites/emilybaker-white/2024/06/04/a-zero-day-tiktok-hack-is-taking-over-celebrity-and-brand-accounts/?sh=621c6d4c6060
Читать полностью…
Possible reasons:
- DNS
- Ransomware
- Someone stepped on a banana, slid, fell onto important thing
- Bad code pushed to prod
- Unplugged massive FCC router, didn't wait long enough before plugging back in
Today on 4chan someone leaked internal documents from Club Penguin.
It is 137 documents which include product planning, proof-of-concepts, internal e-mails, and some documents on other projects such as Tron.
All of the material appears dated, it is probably valuable to lost media nerds.
Administrative announcement:
vx-underground telegram chatroom now has 'vx-underground kitty cat' sticker pack to ensure cat image spamming.
Thanks,
We do vx-uwu every so often because a few years ago a joke surfaced of a vx-underground member saying "I'm gay". It bothered some people, for whatever reason, so we decided it would be funny to roll with it – be extra gay, cute, anime-uwu, etc, to antagonize them.
tl;dr uwu
Today was not a good day for the day of the rest.
tl;dr
> wake up
> over 9,000 notifications
> wtf.exe
> vx-underground flagged by cloudflare
> wtf we use cloudflare
> cry on xitter
> cloudflare fixes and says sorry
> open the door
> get on the floor
> walk the dinosaur
> Use CloudFlare product
> Domain is at CloudFlare
> Cloudflare Trust & Safety flags us
Will this be the end of vx-underground?
Find out on the next episode of Dragon Ball Z
Today cloud11665 discovered a CSS injection vulnerability (or super cool customization feature) on GitHub.
* Reposted for issue correction
* Initially attributed discovery to wrong person
Video shared from yacineMTB
Wow! Microsoft Recall reviews!
"⭐️⭐️⭐️⭐️⭐️, it helped our customers get more and faster" - Redline stealer
"⭐️⭐️⭐️⭐️⭐️, helped us optimize our code base. Love it!" - Formbook stealer
"⭐️⭐️⭐️⭐️⭐️, so easy to use! Required no work to get information" - Rhadamanthys stealer
Hello, and good morning, evening, or night.
We've updated the vx-underground APT archive for the month of May, 2024. We've also updated some previous months in 2023 and 2022.
We hope all of you have had a good week.
https://vx-underground.org/APTs
Today on 4chan someone leaked the source code (?) to the New York Times. They leaked 270GB of data
They wrote that the New York Times has 5,000+ source code repositories, with less than 30 being encrypted (?). It is 3,600,000 files in total
Note: We haven't reviewed the data
Security Researcher James Forshaw discovered Microsoft Recall uses a 'conditional access trick' he himself noted recently.
You can bypass Recall access restrictions by getting a token on AIXHost.exe and then impersonating it.
More information: https://www.tiraniddo.dev/2024/06/working-your-way-around-acl.html
> wake up
> check news
> more ransomware attacks against critical infra
> more problems found in microsoft recall
> more malware campaign findings shared
> more company databases leak
> more twitter dm spam
May 31st the United States Marine corp released information on a new program to improve Cyber Security Specialist and Signals Intelligence enlistments.
The Marine corp can now enroll someone up to an E-7 rank, with the highest being E-9, based on education and experience.
Interested participants must still pass basic training and meet standard fitness requirements.
The pay for an E-7 rank is $43,500 annually.
Alternatively, individuals with backgrounds in cyber security can apply for jobs in the private sector and make $150,000 - $750,000 based on education and experience, while also being able to work remotely, not wear a uniform, not have to do basic training, and not be stationed on a base.
Shout out to Telegram for advertising an infostealer on our Telegram channel. That is cool and badass
(we don't make any money from the advertisements placed on our Telegram page)
tl;dr don't read TikTok dms ¯\_(ツ)_/¯
Today is was announced an unknown Threat Actor(s) had discovered an exploit in TikTok which allows users to hijack accounts.
Details are scarce – however it has been noted that the payload (as it is being described) is delivered through TikTok direct messages. The payload is executed when the direct message is read. However, it does not require any external files be executed, the user does not need to respond to the message, etc.
No details have been unveiled on whether or not this is platform specific (i.e. Android or iOS).
The unknown Threat Actor(s) have compromised Paris Hilton, CNN, and Sony. It is claimed other high-profile and/or celebrity accounts have been compromised, but no other 'high-profile' accounts have been disclosed other than the ones previously noted. The TikTok security team is aware of the issue and has confirmed the legitimacy of the exploit with Forbes.
TikTok representatives stated to Forbes that a small number of users were compromised. No exact numbers were given. TikTok representatives have not stated if the exploit is still valid, how users can protect themselves, or what the attackers have done with the compromised accounts.
Yesterday it was announced that IKEA is launching a virtual Roblox store. They're seeking Roblox players to work in the Roblox IKEA store. Must be 18+
Location: Fully remote
Schedule: Flexible
Pay: £13.15 / €14.80
Employment type: Contract
Details: https://thecoworker.co.uk/
Game reverse engineers and cheaters hate this 1 simple trick (impossible to bypass)
Читать полностью…
Updates to vx-underground
Archives:
- The One New Thing, May 2024
- Builder.Win32.DarkGateLoader.a (unknown variant)
Malware collections:
- Bazaar.2024.05
- InTheWild.0125
- Virussign.2024.06.01
- Virussign.2024.05.31
- Virussign.2024.05.30
- Virussign.2024.05.29
- Virussign.2024.05.28
Papers:
- 2023-02-03 - Threat Actors Abuse AI-Generated Youtube Videos to Spread Stealer Malware
- 2023-05-13 - Mallox affiliate leverages PureCrypter in MS-SQL exploitation campaigns
- 2023-04-26 - Unpacking BellaCiao: A Closer Look at Iran’s Latest Malware
- 2024-01-05 - Tomb Crypter and ChrGetPdsi Stealer Analysis Report (INT00011701)
- 2024-05-13 - Exploring the Depths of SolarMarker's Multi-tiered Infrastructure
- 2024-05-14 - Breaking new ground: Uncovering Akira's privilege escalation techniques
The SVP of Cloudflare replied to us and said they'd fix the issue.
Thank you to everyone who was ride-or-die with us.
According to this report that Cloudflare received, we are a hacking collective that infiltrates devices and disseminates illicit content:(
This is terrible:(
We're just a library:(