40629
The largest collection of malware source, samples, and papers on the internet. Password: infected https://vx-underground.org/
Hello,
I have received more things from DEFCON. I appreciate the gifts all of you have sent.
Thank you, XINTRA, for the sticker of the anime lady with obnoxiously large breasts. I don't know where I'll place it, but I appreciate it.
Research paper: https://arxiv.org/pdf/2601.09625
Читать полностью…
Nerds have gotten access to the ICE subreddit (???) and archived it publicly.
1. Why is there an ICE subreddit
2. Why are ICE people using Reddit
3. Why was it even accessible
4. ???
I don't understand anything
> see post online
> us military offensive cyber warfare division
> click profile
> they follow me
> wtf?
> theyre following me?
> is the us military using my website to study malware?
> *follow back*
In retrospect, the first three months of my son's life was like the dark ages. All I did was watch anime in complete silence, praying to any God that would answer my prayers, that my wife and I could sleep for just a few hours.
Nonstop anime for 90 days, per the recommendation of my peers and colleagues, was bad. I haven't watched anime ever since. I feel like I was trapped in some kind of CIA MK Ultra experiment. My brain is fried. I have this urge to move to a remote cabin and ... enjoy nature.
Got fixed fast af boi
https://x.com/chen9918b/status/2018726412317085953
Dear Tiny People Living Inside My Computer,
As many of you probably recall, somewhere between 2021 and 2023, it was critical "monkey bonk" was utilized to deter bad actors.
Times have changed. We no longer live in peace. The monkey bonk is back.
B-B-B-B-B---BUT VX-UNDERGROUND, DISCORD HAD A COMPROMI---- IT WAS HAACK----
And you're all still using the platform and continue paying $9.99/month for Nitro (you need to boost your favorite video game streamers server, you get extra perks, they might acknowledge your existence).
I idle in tons of Discord's that nerds invite me into. I see you dorks with your flashy backgrounds and goofy ass names with all the different colors and shit.
No, it doesn't make you look cool or 1337. We know you whipped out ol' faithful (your Credit Card) and dropped $19.99 on the flash animation, $8.99 for the pop-ups, and an additional $14.99 for that cool Overwatch sticker.
We all know you're not going to use TeamSpeak, or Matrix, or Telegram, or whatever else. You're going to say "ooga booga this bad", but then do it anyway.
Discord is only popular because it's convenient.
It's shrimple to use, shrimple to install, and requires almost no critical thought to configure.
The masses do not care about security, or privacy, or whatever. They want easy.
tl;dr discord normiemogged teamoids
This all lines up with what SmartLoader did in August.
tl;dr haven't changed shit
https://asec.ahnlab.com/en/89551/
More information: https://www.theverge.com/tech/875309/discord-age-verification-global-roll-out
Читать полностью…
"when i ran it smelly, windows deleted the malicious jar file"
THE MALICIOUS JAR FILE?! WHERE THE FUCK IS THE JAR FILE
> jar inside .js inside .zip inside .png inside .asar inside .exe
What the actual fuck is your problem? Why do you people keep finding weird ass obfuscated Electron.JS malware?
Читать полностью…
I'm still sick. I've basically got dysentery from this Influenza Type A. I'm not sure what's worse, pissing out my ass or working with obfuscated Lua. Right now I'm thinking I'd prefer pissing out my ass
Читать полностью…
WHO IS PUTTING UP THESE POSTERS IN LONDON
Is this some kind of esoteric Britbong humor us Ameriburgers aren't familiar with?
Hello,
Last year people who attended DEFCON wanted to gift things to me. I have received them. I do not understand this sticker one of you sent me.
What does "Peg A Fed" mean?
Academics nerds published a research paper a few days about LLM malware and their argument for a new classification of malware dubbed "Promptware".
X fucks up links a lot, they don't display properly, so the link to their academic paper will be in the post subsequent to this one.
As is tradition, their academic paper is just a bunch of goobers being all philosophical about shit and including a bunch of fancy pictures and graphs.
I unironically sat here and read most of this paper.
Is there argument valid?
Yes, but some of the examples provided are theoretical and have not existed in-the-wild (yet?). They do however provide real-life examples of LLM payloads which have been successful. I personally have not seen these techniques described, but they provided citations and they are indeed real.
I do malware stuff everyday (collecting, reverse engineering, development) and I have not seen any of the papers they reference. This paper has demonstrated, unironically, there is a gap right now between LLM research and malware research. In essence, we are at the point now where LLM research is now bleeding into malware research and malware nerds may have to pay more attention.
I am now a believer. LLM malware is indeed real and will become a thing. I give these academic nerds two (2) cat pictures for this interesting paper. This is the first academic paper I've read in awhile that I actually think isn't complete dog shit.
My main criticism however is they kind of butcher some malware terminology. For example, they incorrectly refer to some of this LLM malware stuff as Polymorphic, but this is not polymorphic ... unless we get really, really, really flexible with definition of polymorphic malware and we make it more akin to high-level class inheritance polymorphism. It doesn't really matter that much though because I understand what they're trying to convey.
I like to imagine a bunch of military bros at some fuckin base wanting updates on malware and I'm just schizo ranting about my general distrust for the United States government and spamming cat pictures
Читать полностью…
Hello,
More updates being pushed to prod tomorrow. Also have some mildly interesting news to share related to something we sometimes do.
Additionally, my son will be turning 1 years old soon. Feel old yet?
Cheers,
-smelly smellington
The new AI powered Notepad on Windows 11 was found having a Remote Code Execution 0day
Hot take: text editors don't need network functionality
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
ok sorry if i sound extra critical, it's just weve had this conversation before with other things in the past and nothing really changes, so now i need to be mean.
ily ok? im just grumpy and eepy.
Discord knows everyone will bitch and moan on the internet, SOBBMAXXING, but 99.9% of people will hand over their identification. They'll be scared, or reluctant, but they'll do it anyway so they can keep their yellow badge in their Harry Potter Fan Fiction Roleplay Discord
Читать полностью…
For those curious regarding Epstein files redactions and general information: based on Mr. Massie's visit to the United States Department of Justice today, and his "hint" of this being from "A Sultan", this implicates Sultan Ahmed bin Sulayem.
Around April, 2009, footage was leaked of Issa bin Zayed Al Nahyan a/k/a "Isa", son of Zayed bin Sultan Al Nahyan, beating an Afghanistan merchant. In the video, Isa does the following:
- Hog ties him
- Beats the man with a wooden plank, with nails protruding
- Fires an automatic weapon around the man
- Forces a cattle prod into the mans anus
- Places the cattle prod onto the man
- Runs the man over with a Mercedes SUV
- Ignites the mans genitals with lighter fluid
- Pours salt on the wounds
All of this was performed while Abu Dhabi police were present (seen in the video).
Issa bin Zayed Al Nahyan was found not guilty in court. The Judge proceeding over the case did not explain why Isa was exonerated on all charges.
This appears to be the video Epstein "loved".
tl;dr SmartLoader malware campaign, multi-staged obfuscated Lua payload to evade detection, currently very effective. Interesting malware find.
Some nerd named bleuonbase was looking for some random "Effect-native SDK" (whatever that is), the 2nd indexed URL on Google was a spoopy looking GitHub repo.
He showed it to me. I was bored (I'm very sick), so I poked it with a stick. To make a long story short, this looks like a new malware campaign from SmartLoader
The thing is an obfuscated Lua Loader and it comes packaged with the traditional Lua dependency junk (Lua JIT and DLL). The payload launches from a .cmd which just passes a .txt to the Lua JIT binary. This is all standard stuff for SmartLoader from early and mid 2025.
If you're curious, lookup the SHA256 for the obfuscated Lua script on VirusTotal: c36ce9080f624c14dd4e1d451228293f786168f4de2d35690d2cffb6cccbae87 (Image 1)
You'll see some of the other thing it's trying to masquerade as. This is all very silly shenanigans.
It's currently exfiltrating to some German IP address and inserting fake Cloudflare headers to make it look like it's Cloudflare: 213.176.73.145
Look up that IP address on VirusTotal and you'll see even more silly shenanigans (Image 2)
Oh, and uses Socket3.lua for stuff, I've uploaded that to VirusTotal and Triage. Was not seen on VT before: f2e4088ebf9d98bcc7cccff153a26a786927ae8de570889af160e695b35d1624
Starting March, 2026, Discord will require a facial scan or copy of your government issued ID to use 'adult features' on Discord such as participating in stages or viewing Discords and/or channels marked as 18+
Читать полностью…
> "hey smelly i ran this game, is it malware?"
> doubt_it.png
> bored
> look inside
> game
> look inside
> electron app
> look inside
> weird .png embedded inside
> look inside
> electron app inside png
> wtf
> look inside
> .zip inside png inside of electron app
> wtf
> look inside
> electron app
> ???
> .js inside .zip inside .png inside .asar inside .exe
> look inside
> heavily obfuscated
> Find malware campaign
> Check VT
> (Looks) New
> Currently undetected
> Look inside
> Obfuscated Lua
Seriously? Lua? You guys are a bunch of sick fucks
I'm really sick (STILL), don't have mental capacity to shit talk Microsoft, or talk about some weird malware shit, or describe the latest Epstein computer-related gossip and news.
I'm going to steal memes from /g/ Tech Meme's and crawl back into bed.