40630
The largest collection of malware source, samples, and papers on the internet. Password: infected https://vx-underground.org/
I've had a few posts break past 70k likes, 80k likes, and even 100k likes.
Chat, have we broken the malware cement ceiling? Are we bringing malware to the masses?
We're making malware cool and badass by a combination of malware sprinkled with pictures of kitty cats
I saw KlezVirus do a write-up on callback abuse. I had this really silly idea of taking his proof-of-concept but nesting his proxy callbacks between nested callbacks from callbacks
Replace the printf stuff with malicious stuff or more callbacks
https://pastebin.com/raw/WeNbbkzv
People think Sha1-Hulud is behind TrustWallet ?!
Читать полностью…
Chat, we've solved the mystery of the Ubisoft Rainbow Six Siege incident. Unfortunately, I cannot go too deep into details (yet), but it is very silly.
Okay, we have FIVE GROUPS of people now.
GROUP ONE - Responsible for the Rainbow Six Siege incident, they gave away $339,000,000,000 worth of in-game currency and caused chaos. They're now sort of laying low.
GROUP TWO - Claims to have Ubisoft source code. They claimed it was from MongoBleed. This has been proven to be A LIE. However, they DO have internal things from Ubisoft. They lied how they achieved it (read more, GROUP FIVE)
GROUP THREE - Has been lying on Telegram claiming to have compromised Ubisoft. They're using fake data to try to intimidate Ubisoft, and Ubisoft customers, to pay them money. They're all lying.
GROUP FOUR - Very critical of GROUP TWO, calls GROUP TWO LIARS. GROUP FOUR says GROUP TWO is trying to bamboozle GROUP ONE
GROUP FIVE - GROUP FIVE appeared today and presented a comprehensive breakdown on the Ubisoft Rainbow Six Siege (and other) conflicts. GROUP FIVE illustrated step by step how all actions were performed. GROUP FIVE unveiled exactly how GROUP TWO managed to get access to Ubisoft internals (with photographic evidence). GROUP FIVE also provided code demonstrating how GROUP ONE did many things as well other things not reported. GROUP FIVE has a big swinging dick and isn't fucking around. GROUP FIVE is pretty hardcore, not even memeing. They're very intelligent and calculated in what they say and do. GROUP FIVE (probably) make and sell cheats for Ubisoft soft games and are very talented reverse engineers.
Ubisoft is well aware of GROUP ONE, GROUP TWO, GROUP FOUR, and GROUP FIVE. GROUP FIVE also provided a comprehensive breakdown on how Ubisoft knows things.
All of the groups listed, except GROUP THREE, know each other and operate loosely together, in some capacity, it's basically a hardcore community of gaming Ubisoft nerds.
Don't worry, Ubisoft, I'll keep your secrets safe. You and I (your company) probably understand what I'm referencing in this post.
GROUP FIVE has promised to do a write-up and technical breakdown at a later time which I can share publicly. However, they will not do it yet because of some stuff happening between GROUP ONE and GROUP TWO.
The anime saga has concluded.
> make short post, ambiguous to non-nerds
> erupts into 3.8k likes in minutes
> people misunderstood, interpret incorrect
> don't want to misinformation
> delete post
> rewrite post as detailed as possible to avoid confusion
> requires reading and understanding things
> 99.9% less engagement on it
I'm trying to notify this Web3 startup company they have a pretty severe vulnerability in one of their products.
The CEO of the company advertises his Telegram handle, but trying to contact him he charges $1.49 per message sent to him
Dude what the fuck?
> post about vuln billion dollar Italian company
> ppl say italy wont care
> italy gov contacts me
> ubisoft hacked and bamboozled
> tarkov auth bypass bamboozles
> trustwallet users drained of $9m on christmas
> more i cant say yet
Another day of internet schizophrenia.
Hello,
I have more silly news to share. Unfortunately I have torn the ligament that connects my pubic muscles to my hip, or something, I don't know. I don't understand it at all. However, I do understand my testicles are in immense pain and I am unable to move.
Once my testicular pain has resided I have silly news.
Thanks,
-smelly smellington
People are celebrating the Ubisoft drama like when Bin Laden died
Damn, y'all hate this company
inb4 no backups, everything is actually cooked
Читать полностью…
Ubisoft executives when they learn some nerds gifted more than the entire United States National Debt ($38,000,000,000,000) to a bunch of stinky gamers
Читать полностью…
I'd like to take a moment to give a big shout-out to my baby boy. I'm so proud of him.
He has begun crawling, kind of.
When placed on the floor he is capable of spinning 360degrees. He is capable of doing some kind of weird worm like maneuver and move backward.
Moving forward crawling continues to be challenging. He hasn't realized yet he can use his arms to move forward. He only uses his legs. Hence, he rests his face directly on the floor and uses his back legs to push forward. Instead of crawling he just slides his face on the floor while simultaneously screaming at the top of his lungs.
He's just like me, for real.
Guess that Pokemon! It's...
Vidar Information Stealer! Yay! It uses Telegram, and some weird Ukrainian domain, as a C2. Yay! Free information stealer malware campaign payload!
Smash that download button, fam
This is an absolutely absurd and silly idea. I don't even know the applicability and evasiveness behind it, but it's so outrageous it makes me giggle
Читать полностью…
Two of the most dangerous hackers on the planet.
Читать полностью…
Oh, and for the record, GROUP FIVE only appeared because they were annoyed GROUP TWO lied about getting data as a result of MongoBleed. They only came toward to dispell rumors and tell the other nerds to shut up
Читать полностью…
I have a bunch of people from India being mean to me because I wrote the Insider Threats that hurt some companies were worked off-shored to India
What do you want me to do? Lie? It's objectively true. I'm sorry large companies exploit your country, dawg
This a clarification post. I previously made a post about Ubisoft Insider Threats. However, I do not believe I was verbose enough and it lead to some confusion to people outside our core audience. Sorry. I'll explain in more detail to prevent confusion.
This is not related to the recent Rainbow 6 siege compromise and/or chaos which unfolded recently. This is a separate issue.
It was unveiled to me that since at least 2021 Ubisoft has had issues with Insider Threats from their Helpdesk personnel. Most notably, Helpdesk representatives from India, and other regions such as South Africa and Egypt, were allegedly accepting monetary bribes to give access to other users Rainbox Six Siege accounts. When Threat Actors were given Customer Support Representative access, Threat Actors could the following details on Ubisoft customers:
- Full legal name
- E-mail address
- Date of Birth
- Country
- Historical information (name changes)
- Computer address (IP address)
- Telephone number
Through this portal, Threat Actors could reset account passwords. In summary, Threat Actors were bribing customer support to dox people or steal their accounts.
It should be noted that this is not a unique issue exclusive to Ubisoft. Historically, Insider Threats have plagued companies such as xAI, PlayStation, T-Mobile, AT&T, The United States Government, Rockstar Games, Discord, Coinbase, and (probably) many more.
Ubisoft has internally taken action against rogue Helpdesk agents. However, despite their actions of firing these Bad Actors, or threatening them with legal action, the issue remains somewhat persistent.
As some Rainbow Six "hacker" or "leak scene" people pointed out, they do not believe this to be earth shattering news as people in this community have known about this, or utilized these techniques for years. I disagree with this assertion because I personally, as well as many others, were unaware of this issue.
While this is not related to the recent Rainbow Six incident, I still think it is interesting to share with a large audience. It illustrates issues these large companies face.
I have attached an image as proof of their Helpdesk employees demonstrating their access. This image is from June, 2025.
On today's episode of Dragon Ball Z
The FIRST GROUP is laying low after gifting everyone on Rainbow Six Siege $339,000,000,000,000 worth of in-game currency.
The SECOND GROUP has been having some conflicts with people on THE INTERNET. The story has changed. Initially I shared this group had compromised an internal Git repository, or something, and had stolen internal source code. Word is now that this was A LIE (or exaggeration) and they do not have as much material as they shared.
The THIRD GROUP is LYING. They did NOT compromise Ubisoft customer data (to the best of my knowledge) and they're trying to scare and intimidate Ubisoft or Ubisoft employees because ???
The FOURTH GROUP is also kind of laying low. They assert GROUP TWO is a bunch of jerks. Basically, to reiterate, the FOURTH GROUP thinks GROUP TWO has had some source code to Ubisoft for awhile BUT thinks GROUP TWO is trying to hide behind GROUP ONE and basically frame them, or something, I don't know.
There's also a bunch of IMPOSTER GROUP TWOs on the internet now. They are people lying trying to impersonate extortionists ... because ... don't understand why.
Will GROUP ONE let me talk more about how they bamboozled Ubisoft? Will GROUP ONE keep ignoring my DMs? Will GROUP TWO show more proof about their data exfiltration other than "cmon bro"? Will GROUP FOUR continue to have beef with GROUP TWO? Who is GROUP THREE and why did they lie about compromising Ubisoft customer data? Why are there now IMPOSTER GROUP THREE people?
Find out next time on Dragon Ball Z
Here is a silly image of someone logging into Rainbow Six Siege earlier today and receiving a deposit of over 2,100,000,000 credits.
15,000 credits is $99.99
$13,998,600 worth of in-game currency.
Unfortunately, it's been rolled back and the in-game currently is gone. Interestingly, this proves Ubisoft does indeed possess the capability to allow users to own and/or purchase over $13,000,000 worth of in-game purchases for micro-transactions
Rainbow 6 Siege announced a rollback will be occuring. Users who spent the $13,000,000 of in-game credits gifted to them by the Threat Actors will not be punished. However, the purchasers will be reversed.
Additionally, users who were banned by the Threat Actors will be unbanned.
The parties over.
Clarification post, previous post about Ubisoft lead to some confusion. That's my fault. I'll be more verbose. I was trying to compress the information into 1 singular post without it exceeding the word limit.
Here's the word on the internet streets:
- THE FIRST GROUP of individuals exploited a Rainbow 6 Siege service allowing them ban players, modify inventory, etc. These individuals did not touch user data (unsure if they even could). They gifted roughly $339,960,000,000,000 worth of in-game currency to players. Ubisoft will perform a roll back to undo the damages. They're probably annoyed. I cannot go into full details at this time how it was achieved.
- A SECOND GROUP of individuals, unrelated to the FIRST GROUP of individuals, exploited a MongoDB instance from Ubisoft, using MongoBleed, which allowed them (in some capacity) to pivot to an internal Git repository. They exfiltrated a large portion of Ubisoft's internal source code. They assert it is data from the 90's - present, including software development kits, multiplayer services, etc. I have medium to high confidence this true. I've confirmed this with multiple parties.
- A THIRD GROUP of individuals claim to have compromised Ubisoft and exfiltrated user data by exploiting MongoDB via MongoBleed. This group is trying to extort Ubisoft. They have a name for their extortion group and are active on Telegram. However, I have been unable to determine the validity of their claims.
- A FOURTH GROUP of individuals assert the SECOND group of individuals are LYING and state the SECOND GROUP has had access to the Ubisoft internal source code for awhile. However, they state the SECOND GROUP is trying to hide behind the FIRST GROUP to masquerade as them and give them a reason to leak the source code in totality. The FIRST GROUP and FOURTH GROUP is frustrated by this
Will the SECOND GROUP leak the source code? Is the SECOND GROUP telling the truth? Did the SECOND GROUP lie and have access to Ubisoft code this whole time? Was it MongoBleed? Will the FIRST GROUP get pinned for this? Who is this mysterious THIRD GROUP? Is this group related to any of the other groups?
Find out next time on Dragon Ball Z
To those who are non-nerds,
Yes, the situation is funny. (Un)fortunately in this scenario everything in game is now worthless because everyone has everything. What will most likely happen is Ubisoft will sigh, do a massive database roll back, or mass undo inventory stuff for players.
This isn't going to destroy their company or revenue. It will however annoy the shit out of them (leadership) and the developers because they're going to have to work to fix the issue during the holiday season.
My post is meant to be funny. I enjoy mocking the absurdity of the situation and poking fun at large companies who have oopsies like this.
Ubisoft executives when they hear the news someone has compromised Rainbow Six Siege and gifted $13,332,000 worth of in-game currency to roughly 30,000,000 active players, thus defrauding their company of an estimated $339,960,000,000,000
Читать полностью…
> wake up
> take a shit
> get out of bed
> push trash on desk into pile
> get on computer
> Rb6 hacked
> Tarkov people hacked
> MongoBleed dropped
> ???
Big drama on the internet today as several high-profile tarkov players had their account compromised.
Mass hysteria has erupted online. However, in an interesting twist of fate, the individual who claims responsibility for the compromises has come forward and explained how they exploited Escape From Tarkov's authentication system and effectively bypassed it.
The person responsible is (based on information they've provided) from Argentina. Their explanation is in Spanish. Here is the tl;dr and in English
"The Steam (OpenID) authentication system does not appear to be correctly validating the digital signature (openid.sig) or the response_nonce returned by the Steam servers. This allows an attacker to impersonate any user account simply by manually modifying the openid.identity and openid.claimed_id parameters in the return URL.
Vulnerable Endpoint example:
https://profile.tarkov.com/login/steam?openid.ns=http://specs.openid.net/auth/2.0&openid.mode=id_res&openid.op_endpoint=https://steamcommunity.com/openid/login&openid.claimed_id=
Vulnerable Parameter: openid.identity / openid.claimed_id
Steps to reproduce (Proof of concept):
- Start a legitimate Steam login process.
- Before the page loads the profile, intercept or modify the Steam response URL.
- Replace the SteamID64 at the end of the openid.claimed_id and openid.identity parameters with that of any other user.
- The server grants access to the profile of the user whose ID was entered, without having gone through the real login process of that account.
The individual goes on criticism the game company for their lack of security. He says all Steam users are impacted, including game developers.
The person responsible shared photos as proof
tl;dr Tarkov devs are going to have to do big work over the Holiday break to patch this before things get worse
For malware analysts, or nerds who care:
Initial access script SHA256:
aa3a9ed1e3b21845a6a0dfd5cef12661becbdb738e2a78adecbb2421785795c9
Payload SHA256:
58ed7f9d65b10b2501e5d080217ae79cd0d88ae0d784896ceac67abda03ab3ed
Delivery domain:
mscfg[.]cfd
C2:
hov[.]kievholod[.]kiev[.]ua
t[.]me/gal17d
Oh. My. God.
Santa (a/k/a Cuzie13) was a little late this Christmas, but bro still delivered. We got malicious AI generated advertisements on Snapchat
tl;dr fake windows activation, running command shown executes malicious powershell script that downloads malware