
Telegram channel vxunderground - vx-underground


The largest collection of malware source, samples, and papers on the internet.

Password: infected

Website: https://www.vx-underground.org/

vx-underground Telegram chatroom link: https://t.me/+njfLzUrqos01ZWNh


vx-underground

1. StreamElements confirms there was a data breach. However, they assert their web shop is run by an external entity. They were not compromised, but customer data was still stolen. ¯\_(ツ)_/¯

2. WoW! ISP breach was (probably) the result of information stealer malware (the usual suspect). HudsonRock confirms the names and information displayed in the video from Arkana ransomware were previously found in information stealer logs.

tl;dr employee with actual access to stuff at isp somehow does oopsie, detonates infostealer malware, ransomware nerds get it, chaos ensues

tl;dr tl;dr big hacks always infostealers, phishing, or social engineering

tl;dr x3 ¯\_(ツ)_/¯


vx-underground

Arkana ransomware group claims to have compromised "Wide Open West - WOW!", one of the largest Internet Service Providers in the United States.

First and foremost: we have never heard of Arkana ransomware group. We've seen some researchers mention them via their onion domain — but this appears to be their first victim. Their first victim is also a giant.

Second: previously we shared a music montage video Arkana put together illustrating the level of access they claim to have on "WOW". However, upon inspection, the compromise Arkana is claiming to have is far more devastating than initially thought.

Interestingly, Arkana has used some sort of AI tool to provide a high-level overview of their compromise on their onion domain. It reads exactly like a ChatGPT message.

tl;dr

1. Arkana opens by threatening WOW by mentioning lawsuits (incorrectly citing GDPR) by shareholders and customers.

2. Arkana mocks the CEO. They published her company shares, address, address history, e-mail addresses, and social security number. They taunt her.

3. Share generic company information which is public, primarily shareholders, company executives, directors, etc.

4. Provide table layouts impacting 403,000 customers including:
- UserId
- UserName, Password
- SecurityQuestion
- SecurityAnswer
- Email
- Full name
- WOW service package information

5. Demonstrate full access to "Symphonica" — and show themselves allegedly pushing malware to customer devices (in Michigan?).

6. Demonstrate full access to "AppianCloud", they suggest (in their AI summary, and also in the video they made), they can potentially alter billing information or alter financial transactions (?).

7. The images (as well as the video) Arkana share show intimate and detailed access to WOW.

This is very, very, very interesting from a random, suddenly appearing, almost no-name ransomware group. We see ransomware groups appear all the time, rarely do they make an explosive impact like this right out the gate. We personally do not know of many groups capable of NOT ONLY compromising an ISP, but also knowing how to navigate the infrastructure AND ALSO (allegedly, based on the footage provided) push malware to customer devices.


vx-underground

getting ads on discord now. not a fan tbh


vx-underground

🚨BREAKING 🚨Michael Saylor's 'Strategy' now the most targeted organization by sim swappers and North Korea


vx-underground

Hi,

We've added 497 malware builders (even some old school), including some which target Android devices. Each directory now includes images of the malware builder as a 'preview'.

Some builders have been removed so we can ensure they're legitimate.

Thanks to Cryakl 🤝


vx-underground

Is this ethical? Probably not. Is it cool and badass? Yes.


vx-underground

Their resume:

https://github.com/Cryakl


vx-underground

> wake up
> check email
> emails from compromised government emails
> Tunisia, Brunei, Tanzania, Argentina, Angola
> most are kitty cat pictures
> take a shit
> get out of bed


vx-underground

Holy cow, this dude is cookin'. How do we hire this guy?

https://github.com/Cryakl/Ransomware-Database


vx-underground

When I first made vx-underground in May, 2019, one of the first people to discover the site was a person named "Santa". They messaged me and said they liked my website.

Approx. once a year "Santa" says Hello to me.

No idea who they are


vx-underground

bug bounty nerds finding the 14,000th rfi bug of the day from the vibers of vibe coders


vx-underground

> tornado cash no longer sanctioned
> cuts to CISA
> fbi getting salad tossed
> companies hiring "vibe coders"

threat actors:


vx-underground

webapp hackers watching every company switch to "vibe coders"


vx-underground

Mr Beast in 2017: *gives $1000 to pizza delivery people*

Mr Beast in 2025: *breaks pool stick over knee, throws on floor, demands 2 people fight to the death for entertainment*


vx-underground

Yesterday Discord announced it will be introducing advertisements into its mobile version.

Instead of labeling them advertisements, Discord is labeling them "Video Quests". Completing "Video Quests" (watching advertisements) allows you to earn rewards.

Video Quests are optional


vx-underground

StreamElements web store was compromised. Over 100,000 people impacted.

The Threat Actor responsible was kind enough to notify the impacted customers by sending all of them an email from "Diddy Squad".


vx-underground

Arkana ransomware group claims to have compromised an Internet Service Provider in California.

They were even nice enough to put together a music video montage illustrating the level of access they possess.


vx-underground

Connor Moucka a/k/a Waifu, the Canadian believed to be responsible for the Snowflake compromise, has consented to extradition to the United States.

We can't recall a time a suspected Threat Actor consented to extradition to the United States.

https://cyberscoop.com/connor-moucka-snowflake-hacker-extradition-us/


vx-underground

Honestly, Sliver, NightHawk, Havoc, Cobalt Strike, you need to take notes.

Do your tools even look cool and badass like this?


vx-underground

Someone contacted me and asked if I'd be interested in reviewing their proof-of-concept.

I said yes

They then sent a picture of their penis


vx-underground

When you see someone on social media discussing using AI to code it is your personal responsibility to encourage them. Tell them to "ignore the haters" and "keep it up!".

This will keep our cybersecurity pockets phat for generations to come.


vx-underground

Yesterday I became acquainted with a young and passionate person who, for the past 2 years, has been documenting RATs (images, versions, port usage), and ransomware payloads (images, notes, contact information).

They've documented 92 ransomware variants including (if applicable), their manuals, builders, etc.

They've documented 474 RAT variants including (if applicable), their version history, builders, source code, manuals, etc.

When I spoke with them they shared they've discovered (through various means) hundreds, possibly thousands, of other malware builders from various countries dating back nearly 2 decades. They've been slowly reviewing them all and documenting them by themselves.

Interestingly, as our staff is limited on resources, having family issues, or having new family members introduced, we suddenly discovered a young and passionate person who has been working tirelessly for 2 years without much recognition.

When one door closes, another door opens.

Chat, we may have a new staff member

VXUG 🤝Cryakl


vx-underground

uploading malware still, just chillin. have this kitty cat. ttyl


vx-underground

Someone has done an excellent job collecting RATs and documenting them by version. They also included images.

A+ work. This is amazing (we're going to ingest this eventually)

https://github.com/Cryakl/Ultimate-RAT-Collection


vx-underground

Hello, how are you?

I have to break some bad news (kind of).

Previously, b0t stepped down. Bradley has (sort of) stepped down — his father is on his death bed and Bradley is acting as his primary caretaker. I'll also be gone soon. My son Smelly Smellington Jr will be born in May, 2025.

Our other staff members are part time, or only staff "as needed", so ... I don't know what the future holds for vx-underground.

This is not the end. This is turbulence. This project, website, things we do for fun, will always be around. But, I cannot ensure consistency like I have historically.

I see the comments criticizing us (or rather, me specifically), for the lack of focus on malware and instead primarily posting "memes". Sorry. I'm spread too thin. I also wish I had more focus on malware.

Anyway, I'm still working on restoring virus-dot-exchange. 24,000,000 malwares. Most updates soon.

Cheers,
- smelly smellington


vx-underground

> tornado cash no longer sanctioned
> cuts to CISA
> fbi getting salad tossed
> companies hiring "vibe coders"

cybersecurity sales people:


vx-underground

chat were bringing back 1=1 sql injections fr🙏💯


vx-underground

We're happy to announce there are companies hiring for "Vibe Coders" now.


vx-underground

We've got 4 Rust Femboys living in a basement and if they stay there until they learn C, they all get a life time membership to CrunchyRoll


vx-underground

meant to type "del {malware_sample}" in cmd

typed {malware_sample} with .exe extension

lol oopsie, detonated malware on vidya game box again
