vx-underground

16 Jun 2025 08:09

hOw iS maLwARe wRiTteN

I unironically see this question posed by people who can program.

In its simplest form malware is just like any other program written except it has task automation present. Anything after the task automation segment is an auxiliary component and designed to avoid detection.

For example, if we discuss information stealer malware (which is rampant online), it can broken down into a few different "steps".

Step 1. "Land" on the machine. Your first step is getting the program on the machine and getting the user to run the program. More often than not, this is the most difficult part for malware. The most common method is file masquerading — in other words, "ImportantFile.pdf.exe".

To make this file masquerading "Step" more believable to the target, you simply change the files default icon to be that of a PDF file. This is extremely common in programming in general, I'm sure many of you have tried to customize your program.

2. Enumerate files on the machine. This is extremely easy to do and I'm sure any programmer can do this. Most files will be stored in the Documents directory. You use Windows GetEnvironmentVariableW function (or some variant of it) to get the user document directory. Then all you do is iterate through each file in that folder.

3. Examine each file discovered in the directory and/or follow sub-directories. Each file you encounter you should examine the file by determining its file extension. If the file extension is something which may possess something valuable (e.g. .PDF, .TXT, .PNG, .DOCX), then appropriate action should be taken and the next "Step" should be triggered.

4. Data exfiltrating — any file deemed potentially valuable should be uploaded to a remote host you own. You can use any method you want and any host you want. Some malware uses Discord, some use FTPs, some use their own custom infrastructure. If you've ever written code that sends a document somewhere then you can do this.

5. Self-terminate. Your malware has done its job.

Anything else beyond those 5 key "Steps" is used to avoid detection. Additionally, malware developers will spend a great deal of time trying to find unique ways to enumerate files, identify files, or send files to remote hosts. The more unusual you can make your malware the better. Of course more "Steps" may be introduced to steal cookies, cached passwords, etc. Other "Steps" may be to identify where the malware is running (e.g. country, what version of Windows, etc).

Thanks for coming to my Ted Talk

vx-underground

14 Jun 2025 21:42

Furthermore, it is probably worth reminding people that the IRGC-CEC successfully compromised Donald J. Trump's political campaign in 2024.

3 individuals operating under the monikers "Jalili", "Aghamiri", and "Balaghi" successfully compromised aides to the current President of the United States via social engineering.

The United States government issued an official indictment for the individuals believed to be responsible for the compromise.

More information: https://www.documentcloud.org/documents/25177046-24-cr-439-indictment

vx-underground

14 Jun 2025 16:55

Shout-out to YouTube

YouTube is scheduled to begin experimenting with unskippable advertisements.

YouTube will teach the kids (indirectly) to sail to seven seas.

vx-underground

13 Jun 2025 15:44

Facebook by default makes all AI conversations public (???)

Now Facebook timelines are filled with people sharing incredibly sensitive information with Meta AI. This ranges from people discussing health problems, admission to tax fraud, people asking how to find young women, and more

To make things even worse, Meta AI allows audio input.

vx-underground

12 Jun 2025 20:17

Tried to have ChatGPT represent me in court. Just got sentenced to death for a speeding ticket smh

vx-underground

12 Jun 2025 01:20

Changed the PVM file extension to .sys. It just works

vx-underground

11 Jun 2025 22:29

Our malware ingestion operations have resumed.

They will become available sometime, soon, somewhere (probably). Thank you to our sponsors and donors who continue to donate to us despite being AFK. Thank you to petikvx, guessthepw, and TorGuard for covering me while I'm gone.

I love you. More soon
- smelly smellington

vx-underground

11 Jun 2025 04:11

Hello,

I see your messages. However, I am the only staff member present and I am busy with a newborn baby. If you send me a message requesting something please do not just "HEY SMELLY? HELLO? R U HERE" 1500 times. Send me a message and make it as detailed as possible. I will eventually reply... unless you're rj_chap because he left a detailed message and I keep forgetting to reply to him. So, I am publicly announcing I keep forgetting to reply so that maybe later I will remember to reply.

Thanks,
- smelly smellington

vx-underground

09 Jun 2025 05:49

tl;dr have to euthanize my dog tomorrow morning. Not happy about it. He was a core staff member

vx-underground

09 Jun 2025 04:03

>be me
>be busy with newborn
>wonder what's happening
>check news

vx-underground

08 Jun 2025 08:30

ChatGPT is literally just the worlds biggest if else statement

vx-underground

08 Jun 2025 02:35

vx-underground if it were an anime

2019 - 2020: Introduction Arc
2020 - 2022: Rapid Growth Arc
2022 - 2024: Threat Actors TMZ Arc
2024 - Current: AFK arc

vx-underground

07 Jun 2025 15:25

I planned on issuing an administrative update on plans and stuff for vx-underground.

I haven't had the time to address some issues with the site

One of these days I'll have enough free time do it

vx-underground

06 Jun 2025 21:01

DOGE employees on Monday when the Trump administration requests the CIA conduct personalized one-on-one interviews about Mr. Musk

vx-underground

06 Jun 2025 18:45

mfw I see normies discussing malware

vx-underground

14 Jun 2025 21:51

when i see misinformation vs misinformation on malware

vx-underground

14 Jun 2025 21:35

It's interesting seeing people make shit up on social media. The first attached image is a lie.

tl;dr real hacker, did real and serious damage, "mr soll" didnt do some weird made up bullshit

"Mr. Soll" a/k/a Mr. Soul is a person operating within the "CyberAv3ngers" group. The CyberAv3ngers are a well-known state sponsored group operating within the IRGC-CEC (Islamic Revolutionary Guard Corps, Cyber-Electronic Command). The CyberAv3ngers have been active for several years.

Historically, the CyberAv3ngers have targeted critical infrastructure within the United States and Israel using a malware dubbed "IOCONTROL". Using IOCONTROL CyberAv3ngers targeted ICS/SCADA devices (Industrial Control System/Supervisory Control And Data Acquisition) as well as other devices such as PLCs (Programmable Logic Controllers).

CyberAv3ngers made a significant amount of "noise" in November, 2023, when one of their operations targeted default credentials on PLC devices across the United States. The compromised device would display "You have been hacked, down with Israel. Every equipment ‘made in Israel’ is CyberAv3ngers legal target." The attack often rendered the PLC inoperable using "Crucio ransomware".

"Mr. Soll" did no such action stated in the first attached image — but "Mr. Soll" and/or the CyberAv3ngers have taken offensive cyber approaches for many years. However, CyberAv3ngers will gladly accept this post and declare it as truth as this aligns with IRGC-CEC misinformation campaigns.

vx-underground

13 Jun 2025 18:02

Correction: Facebook users are saying it does not make the Meta AI conversations public. Instead users are somehow sharing it (???)

Users gonna be users, or something.

vx-underground

13 Jun 2025 04:26

That is exactly how financial point of sale systems work

vx-underground

12 Jun 2025 20:10

Had a conversation with someone I met in late 2019, early 2020. In 2019 they were a complete noob and were trying to get started in cybersecurity

Fast forward to 2025... They still haven't done shit. Bros been browsing YouTube and playing video games for 6 years 😂😂😂

vx-underground

12 Jun 2025 01:17

Writing a kernel mode driver in Python. It's going to be used to stop cheaters in video games. It will also steal sensitive documents (cat pictures)

vx-underground

11 Jun 2025 17:03

"If there is anything you need let me know. I'm here for you."

I need $250,000,000.

vx-underground

10 Jun 2025 20:13

To be fair, to understand this video requires a VERY high IQ

vx-underground

09 Jun 2025 05:47

When I first made vx-underground my dog was right beside me. Every single day; morning, afternoon, or night, he would be in my office while I worked.

He was there right beside me when I was working on some research projects, working on Black Mass, restructuring or reorganizing the website.

Every morning when I woke up we had a routine. Him and I would go outside. I'd have a smoke, he would use the restroom. We'd go inside and eat breakfast together. Following this him and I would immediately go into my office and get on the computer. While I worked he would sit right beside me on his dog bed.

He did that every single day for years. If I stayed up for over 24 hours, he would be right there next to me waiting for bedtime. If I slept in and was being lazy, he would wait patiently to use the restroom (or yell at me to wake up).

If I ordered food, I'd make sure he had a bite or two. If I ran to the store for snacks, I'd pick him up something.

That's why it is so hard knowing that tomorrow morning I will be administering a near lethal dose of Acepromazine, Gabapentin, and Trazodone to my best friend. Following this he will transported to the veterinarian office to be administered a secondary dosage of medicine which will result in acute brain failure and respiratory failure.

As always, tomorrow when him and I go outside for our daily routine of having a smoke and him using the restroom, I have to offer him his favorite snack (cheese). He'll be super excited, it's uncharacteristic of me to give him a treat for breakfast. He won't know that after he eats it, it will probably the last thing he remembers.

vx-underground

08 Jun 2025 18:48

One thing,
I don't know why,
I copy pasted your code and it won't compile

vx-underground

08 Jun 2025 02:36

Can't believe this crappy website is already 6 years old.

vx-underground

07 Jun 2025 17:50

wtf why is this cat looking at lockbit ransomware blog

vx-underground

06 Jun 2025 23:33

Gamers express concern over anti-cheats and assert them to be spyware running as "root" on Windows.

Malware doesn't need to be ran at an elevated privilege (especially "root") to achieve it's objective of exfiltrating sensitive information or "spying" on you by watching what you're doing.

All of this can be achieved easily from user mode and can (usually) work even in restricted environments.

tl;dr these large game publishers don't need an anti-cheat to spy on you. They can do it easily from user mode.

vx-underground

06 Jun 2025 20:47

Don't let these so-called "experts" lie to you. Nearly 99.9% of malware can be detected and eliminated with a 1 simple Nessus scan. The other 0.01% can be detected and eliminated using nmap (can't be zenmap).

vx-underground

06 Jun 2025 15:49

What is Microsoft doing