14367
The largest collection of malware source, samples, and papers on the internet. Password: infected Website: https://www.vx-underground.org/ vx-underground Telegram chatroom link: https://t.me/+njfLzUrqos01ZWNh
Times like this we need a reminder that only one person can protect us from OSS supply chain attacks
meemaw. She would know immediately
The xz situation is absolutely insane and almost certainly state sponsored.
This is an excellent example of a widely used software being maintained by basically one person.
Read this web article and then frown and become sad.
https://boehs.org/node/everything-i-know-about-the-xz-backdoor
Lockbit has clarified this is not to intimidate potential victims of ransomware. Lockbit administrative staff claim they were recently robbed and need to get their money back.
Читать полностью…
Happy Supply Chain Attack Friday!
tldr if you updated Kali Linux recently you're pwned with malware
https://twitter.com/kalilinux/status/1773786266074513523
FTX founder Sam Bankman-Fried has been sentenced to 25 years in prison.
Читать полностью…
DarkGate loader has the most sophisticated loader we've ever seen. It's over for the anti-virus industry. How would anyone defeat or detect this?!
Читать полностью…
Over the past couple of days we have become aware of malware targeting gamers! More specifically, a currently unidentified Threat Actor is utilizing an infostealer to target individuals who cheat (Pay-to-Cheat) in video games.
A Call of Duty cheat provider (PhantomOverlay) was alerted of fraudulent activity when user accounts began making unauthorized purchases. The cheat provider was the first to notice the fraudulent activity and reached out to the suspected victim. Since the initial victim was identified, more and more victims have been identified.
The scope of the impact is so large, and in a bizarre twist of fate, Activision Blizzard is coordinating with cheat providers to aid users impacted by the massive infostealer campaign.
Currently there is a presumed impact of:
- 3,662,627 Battlenet accounts compromised
- 561,183 Activision accounts compromised
- 117,366 Elite PVPers accounts compromised
- 572,831 UnknownCheats accounts compromised
- 1,365 PhantomOverlay accounts compromised
When Elite PVPers was approached by PhantomOverlay administrative staff about the compromised accounts, Elite PVPers confirmed they have identified 40,000+ valid user accounts compromised. These are seemingly freshly stolen credentials and are not present from previous publicly available credential dumps. However, due to the size of the data we have not been able to thoroughly review the data for duplicates.
Additionally, impacted users have begun reporting being victims of crypto-draining – their Electrum BTC wallets have been drained. We do not have any information on the amount of money stolen.
We've updated the vx-underground malware collection. We've added approx. 24,000 malware samples. All are synced with the VXDB.
- XWorm
- Remcos
- zLoader
- PikaBot
- QakBot
- Konni
- LummaStealer
- PureLogStealer
- Android.Anatsa
- Gh0stRAT
- IcedId
- BackMyDataRansomware
- AresLoader
- Android.Teabot
- Turla
- AgentTesla
- VirusSign.2024.03.18
- VirusSign.2024.03.19
- VirusSign.2024.03.20
- VirusSign.2024.03.21
- VirusSign.2024.03.22
- VirusSign.2024.03.23
- VirusSign.2024.03.24
Woke up to internet dorks angrily proclaiming, screaming at the top of their lungs, we are forbidden from discovering something already discovered.
Unironically we get more negative feedback about video games than we do talking to internationally wanted criminals
At 1:28AM EST The Francis Scott Key Bridge in Baltimore, Maryland was struck by a Large Container Ship. It is being reported as a mass casualty event. It was captured on CCTV footage.
Very little information is available at this time.
tl;dr we're digital archaeologists
We can't spoil this too much – but we found an online gem. It's an old video game, released in 1994, that still has servers online. We aren't entirely sure how they're online, or why, but they're still here. It has a daily peak of 50 users whereas in the 1990's it had nearly 500,000 users online daily.
The game client recommends specs of the following:
- 300MHz (800MHz ideally)
- 128MB+ RAM
- Windows 98, Me, 2000
- Windows Media Player 6.4 or later
- 3D acceleration (64mb+ video RAM)
Currently this game has 206 servers online. The game held online expos and/or conventions which were sponsored by companies like Microsoft, Intel, Boeing, and dozens of now defunct companies.
Interestingly, the game also has a server which was briefly pitched as a United States Department of Defense virtual-command center ... which is still online and actively maintained as of 2024-03-25. Around approx. 1999 this server was pitched to United States government personnel to cooperate with allies in Africa – it features a now defunct United States x Africa virtual command center. It currently has a command center for the United States, Israel-Gaza conflict, Ukraine-Russia conflict, and COVID19 information command center. We spoke with the maintainer of this server and learned a lot about him, the game, why he is still around, and so much more. It is profoundly interesting.
Out of the remaining servers are also old virtual meetups, with photos of the people who attended, dating back the early 2000s. It has a birthday server.. for a woman who held an online birthday party sometime in the early 2000s.
It has a teenager server hangout room which was last updated December, 2001. There are lots of notes and images in the teenager server of teens from the 90's writing 'X was here May, 1999' and so on.
The game also features an online graveyard. It is maintained by a woman, who has listed her PII in the game, and has probably 20+ friends who have passed away. It has photos, messages, virtual flowers, and more.
Top-gg, the self-proclaimed largest collection of Discord bots, was subject to a supply chain attack. The unidentified Threat Actor(s) created a fake Python package domain to deliver poisoned Python packages.
These individual(s) successfully compromised a GitHub maintainer for Top-gg and modified the code base.
You can read the full article here: https://www.bleepingcomputer.com/news/security/hackers-poison-source-code-from-largest-discord-bot-platform/
We're working on something kind of unique right now. It's really cool and you nerds will be like "lol wtf"
Also, hope everyone had a good weekend:)
meemaw shows nerds how to use ffmpeg, uses a 2 character password, uses neofetch, and complains about bloat on her 4gb linux box
based and linux pilled
https://www.youtube.com/watch?v=YVI6SCtVu4c
The more we read about the xz supply chain attack the more we realize that everyone needs to move to Windows XP.
This wouldn't have happened on Windows XP
Checked in with Lockbit ransomware group administrative staff yesterday. We haven't spoken with them in a few weeks. They're now looking to expand operations into Violence-as-a-Service.
Very cool – malware, extortion, money laundering, and now violence 👍
In case you missed our first ever VXUG trivia night, first place won $500 & last place won custom made hoodies (sponsored by Malcoreio)
The hoodies include their team name and a silly quote from them.
Congratulations to Bandrel's team for the swag.
Unpopular opinion: cheating in video games is cool and badass
You should have nothing but the utmost respect for nerds who spent their time reverse engineering a game and developing ways to cheat. It isn't easy work especially with the advancement of anti-cheats.
It should be noted that some of these accounts are also not cheaters. Some users impacted utilized gaming software for latency improvement (?), VPNs, and Controller Boosting software
(we don't know what this means)
Anyway, we weren't going to make a video about this... because we don't make videos and we don't profit from our tweets (okay, maybe a few pennies, we're so sorry).
But let it be known!! They are correct – we watched VineSauce and RedLyne! Please forgive us 😭🙏
Unrelated to malware of course, but this impacts individuals we know in this area and this event is shocking.
Читать полностью…
This entire server is maintained by an ex-United States Army intelligence officer. He has been actively working on this virtual world for nearly 30 years. When we spoke with the owner 'Lens' he told us he can only communicate using Dragon text-to-speech software, he is retired, and spoke very highly of this game. He pitched it to the United States government multiple times – recently at 2010.
Each dome you see if a specific virtual command center which include newsfeeds, videos, updated maps, and more.
Our page engagement is 5x - 10x higher when we shit post. We've become profoundly gifted in the art of shitposting over the past 5 years of vx-underground.
Читать полностью…
tl;dr Chinese state-sponsored hackers indicted. Long story. Full indictment can read here: https://www.justice.gov/opa/pr/seven-hackers-associated-chinese-government-charged-computer-intrusions-targeting-perceived
Summary:
Today the United States Department of Justice indicted seven individuals believed to be tied to Chinese-stated sponsored group APT31 a/k/a TA412 a/k/a Violet Typhoon a/k/a Zirconium.
The individuals indicted are:
- Ni Gaobin, 38
- Weng Ming, 37
- Cheng Feng, 34
- Peng Yaowen, 38
- Sun Xiaohui, 38
- Xiong Wang, 35
- Zhao Guangzong, 38
All are believed to reside in the People's Republic of China.
The individuals are charged with conspiracy to commit computer intrusions and conspiracy to commit wire fraud. The individuals are believed to have spent the past 14 years targeting United States and foreign critics, businesses, and political officials to further Chinese economic espionage and foreign intelligence objectives.
The full write up, and indictments, from the United States Department of Justice is lengthy and gives more details on their actions.
Our friend exoqqen shared a wonderful photo with us. In Vietnam there is a temple which has artwork demonstrating the Laws of Karma
"Creating computer virus causing harm to others"
...
"Brings an insane and foolish person"
tl;dr based monks know you're all insane
Hello, we would like to remind all of you that security research, malware development, reverse engineering, and exploit development is not the result of a singular individual or entity. We all collectively learn.
Bernard of Chartres, twelfth-century French Neo-Platonist philosopher and scholar, coined a famous phrase which was later used by Isaac Newton – which we believe accurately describes this field of work.
Isaac Newton wrote his rival, Robert Hooke, in 1675. In the letter he penned: "if I have seen further [than others], it is by standing on the shoulders of giants."
This is a metaphor which means "using the understanding gained by major thinkers who have gone before in order to make intellectual progress" or simply put "discovering truth by building on previous discoveries".
Thank you to everyone who succeeds and releases new research or papers. It inspires us to learn more, evolve, and presents us the opportunity to discover new things ourselves.
"nani gigantum humeris insidentes" – "standing on the shoulders of giants"