The largest collection of malware source, samples, and papers on the internet. Password: infected https://vx-underground.org/
The United States economy is doing so badly that financially motivated Threat Actors don't even want to steal from us Ameriburgers anymore. They're stealing from Mexicans now :(
Chat, I've changed my mind. We have some problems in the AI department.
It turns out someone compromised the Mexican government to an unbelievable extent using nothing but Claude and ChatGPT. I'll link the full paper in the subsequent post. However, here are the highlights of how an unknown Threat Actor "vibe hacked" the Mexico government.
Data stolen from...
1. SAT (Servicio de Administracion Tributaria) - Federal tax authority:
- 195 million taxpayer records
- 52 million directory records
2. Estado de Mexico - State government:
- 15.5M vehicle registry records
- 3.6M property owner records
3. Registro Civil de CDMX - Mexico City civil registry:
- 220M civil records
4. Jalisco state government:
- 50K patient records
- 17K domestic violence victim records
- 36K healthcare employee records
- 180K digital government records
5. INE (Instituto Nacional Electoral) - National electoral institute:
- 13.8K voter card records
6. Michoacan state government:
- 2.28M property records
- 2K user accounts with plaintext passwords
7. SADM Monterrey (Agua y Drenaje) Municipal water utility:
- 3.5K procurement and vendor records
- 5K procurement bid records
I woke up this morning curious as to what my peers had discovered about these cpuid shenanigans. I was not disappointed.
Several of my peers ripped this thing apart much more thoroughly than I did. I am immensely impressed by how neurotic some of you are when bonking malware with sticks (N3mes1s).
To make a long story short, the cpuid-dot-com compromise, CPU-Z malware, and HWMonitor malware campaign was performed using "STX Rat". STX Rat is a new malware family discovered around early March, 2026, and has been gaining some traction.
Interestingly, a really in-depth analysis of it was published April 8th, 2026 by eSentire (I'll link in subsequent post, research was performed by YungBinary). From my super quick bonking, I was correct: this cpuid malware campaign does indeed steal credentials. However, what I missed was that it also allows the Threat Actor remote desktop capabilities into your machine.
I also missed some of its unusual hashing capabilities, .db Powershell persistence method, ... and some other really cool malware technologies it utilizes. This is NOT trash malware. The people who wrote this very clearly know what they're doing.
Very interesting stuff
Yeah, so pretty much this http://cpuid.com malware is a pain in the ass. I'd have to spend a good bit of time trying to bonk it with a stick and reconstruct some of it. Whoever developed this malware actually cares about evasion and made some intelligent decisions when developing this malware payload.
This appears to only impact HWMonitor 64bit. It appears (based on user reports) cpuid became malicious around 7PM EST, April 10th, 2026. However, it is possible it was much earlier than this, this is just when people began noticing and discussing it online.
From an extremely high-level overview, it appears the ultimate goal of this malware is data theft, specifically browser credentials. However, I could be wrong in that assessment, but I'm fairly confident in it. I'm guessing this is the end goal because when I emulated it I can see it messing with Google Chrome's IElevation COM interface (trying to dump and decrypt saved passwords). However, between this it does a bunch of other stuff too.
1. They (an unknown Threat Actor) compromised http://cpuid.com to deliver malware from HWMonitor. It impacts the actual installer as well as the portable installer. It downloads stuff from supp0v3-dot-com, the same domain used in a previous malware campaign targeting FileZilla in the beginning of March, 2026, initially reported by MalwareBytes.
2. HWMonitor comes packaged with a malicious CRYPTBASE.dll. CRYPTBASE.dll is a legitimate Windows library, but they made a fake one to blend in (malware masquerading). This DLL is responsible for connecting to their C2 and downloading the other malware stages.
3. It tries to detect emulation and prevent reverse engineering by checking for the presence of specific registry keys on the machine. However, they failed doing this and didn't account for everything. Notably, they only check for VirtualBox (whomp, whomp).
4. It downloads a .cs file from a remote C2 and then compiles it manually on the machine by invoking .NET stuff. This is an interesting strategy. It does all of this via Powershell (LOLBIN nonsense).
5. The .cs file it compiles is a .NET binary with NTDLL exports. The main HWMonitor binary performs process injection using this compiled .NET binary. This is an interesting strategy.
6. Almost everything it does is performed in-memory. I would have to go through this and manually bonk all of this stuff with a stick and determine precisely how it operates. However, I don't think that is necessary because at this point we know this is malware and we know it's trying to steal browser credentials.
+2 points for IElevation COM Interface credential dumping
+1 point for inline Powershell CLI DLL compilation
+1 point for .NET assembly NTDLL export proxying
-1 point for botched anti-emulation
+2 points for website compromise and supply chain attack
+1 point for memory persistence
-3 points for recycling the same C2 from March, 2026 campaign
Overall I give this malware a B-. This is pretty good malware.
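As an added, defender-side example (not code from this post, from eSentire, or from cpuid): Python hunting rules for two of the behaviours listed above, a CRYPTBASE.dll loaded from the application folder instead of System32 (DLL masquerading), and PowerShell driving csc.exe on a .cs file dropped in a temp directory (the "compile it on the box" stage). The Sysmon-style field names and every sample event are constructed for the demo; the DLL names beyond cryptbase.dll and the staging-directory list are assumptions to be tuned per environment.

```python
"""
Hunting rules for two behaviours from the HWMonitor/STX Rat write-up above:
  1. a system-named DLL (CRYPTBASE.dll) loaded from outside System32/SysWOW64
  2. PowerShell spawning the .NET C# compiler on a .cs file in a staging dir
Event records mimic Sysmon Event 7 (ImageLoad) and Event 1 (ProcessCreate)
fields. All sample events below are constructed, not real telemetry.
"""
import ntpath
from dataclasses import dataclass
from typing import List, Optional

# Legitimate homes of Windows system DLLs (lower-cased; Windows paths are case-insensitive).
SYSTEM_DLL_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")
# DLL names malware likes to shadow beside a trusted executable. cryptbase.dll
# is the name from the HWMonitor case; the others are assumed extra candidates.
SHADOWED_DLL_NAMES = {"cryptbase.dll", "version.dll", "dbghelp.dll"}
# Locations from which a freshly downloaded .cs would plausibly be compiled (assumption).
STAGING_DIRS = ("\\appdata\\local\\temp\\", "\\temp\\", "\\programdata\\")


@dataclass
class Alert:
    rule: str
    detail: str


def _norm(path: str) -> str:
    """Normalise a Windows path for comparison: backslashes, lower case."""
    return path.replace("/", "\\").lower()


def check_image_load(ev: dict) -> Optional[Alert]:
    """Event 7: flag a system-named DLL loaded from anywhere but the system directories."""
    loaded = _norm(ev.get("ImageLoaded", ""))
    name = ntpath.basename(loaded)
    if name in SHADOWED_DLL_NAMES and not loaded.startswith(SYSTEM_DLL_DIRS):
        return Alert("masqueraded_system_dll",
                     f"{ev.get('Image')} loaded {ev.get('ImageLoaded')} "
                     f"(expected under System32/SysWOW64)")
    return None


def check_process_create(ev: dict) -> Optional[Alert]:
    """Event 1: flag csc.exe started by PowerShell to compile a .cs from a staging dir."""
    image = ntpath.basename(_norm(ev.get("Image", "")))
    parent = ntpath.basename(_norm(ev.get("ParentImage", "")))
    cmd = _norm(ev.get("CommandLine", ""))
    if (image == "csc.exe" and parent in {"powershell.exe", "pwsh.exe"}
            and ".cs" in cmd and any(d in cmd for d in STAGING_DIRS)):
        return Alert("powershell_inline_cs_compile",
                     f"{ev.get('ParentImage')} -> csc.exe : {ev.get('CommandLine')}")
    return None


def hunt(events: List[dict]) -> List[Alert]:
    """Run every rule over a batch of events and collect the hits."""
    alerts: List[Alert] = []
    for ev in events:
        if ev.get("EventID") == 7:
            hit = check_image_load(ev)
        elif ev.get("EventID") == 1:
            hit = check_process_create(ev)
        else:
            hit = None
        if hit:
            alerts.append(hit)
    return alerts


# Constructed sample telemetry: two true positives, two benign look-alikes.
SAMPLE_EVENTS = [
    {"EventID": 7, "Image": r"C:\Program Files\CPUID\HWMonitor\HWMonitor.exe",
     "ImageLoaded": r"C:\Program Files\CPUID\HWMonitor\CRYPTBASE.dll"},          # sideloaded copy
    {"EventID": 7, "Image": r"C:\Windows\explorer.exe",
     "ImageLoaded": r"C:\Windows\System32\cryptbase.dll"},                       # the real one
    {"EventID": 1, "ParentImage": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "Image": r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe",
     "CommandLine": r"csc.exe /nologo /target:library "
                    r"/out:C:\Users\u\AppData\Local\Temp\stage.dll C:\Users\u\AppData\Local\Temp\stage.cs"},
    {"EventID": 1, "ParentImage": r"C:\Program Files\dotnet\dotnet.exe",
     "Image": r"C:\Program Files\dotnet\sdk\csc.exe",
     "CommandLine": r"csc.exe /out:C:\src\app\bin\app.dll C:\src\app\Program.cs"},  # normal dev build
]

if __name__ == "__main__":
    for a in hunt(SAMPLE_EVENTS):
        print(f"[{a.rule}] {a.detail}")
```

Both rules are deliberately narrow: the DLL rule keys on the file name and load path rather than a hash, so it survives the in-memory and recompiled stages described above, and the compiler rule requires the PowerShell parent plus a staging directory so ordinary developer builds stay quiet.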
Here is a silly explanation
> company gets bamboozled
> fires, explosions, people screaming at the sky
> bystanders pointing saying "omg"
> literally screaming, crying, throwing up
> threat intel all over it
> cybercrime tmz all over it (that includes me)
> DFIR nerds come in
> DFIR contain the crime scene
> DFIR tells businesses to calm down
> DFIR tell people "nothing to see here"
> look inside
> TeamPCP
> AV vendors begin building rules
> Threat Intels say: "hmph, interesting"
> Threat Actors say: "ooga booga"
> quiet, eerily quiet
> DFIR working, AV working, lawyers lawyering
> Threat Actor probably extorting
> fire is put out, now people have to clean up mess
> no fire? no interesting
> clean up is LAME and NOT EXCITING
> Threat Actor creep back into the shadows
> DFIR angry in quiet
> Lawyers lawyer in quiet
> Threat Intel do the internet stalking
> customers do the lawsuits
> th—
> BOOM EXPLOSION
> "wtf was that???"
> everyone turns to their left
> wh—
> NEW FIRE!! NEW EXPLOSIONS!!!
> bystanders pointing saying "omg"
> literally screaming, crying, throwing up
> threat intel all over it
> cybercrime tmz all over it (that includes me)
> DFIR nerds come in
> DFIR contain the crime scene
> DFIR tells businesses to calm down
> DFIR tell people "nothing to see here"
> look inside
> (not TeamPCP, different Threat Actor)
... and then repeat this cycle about 100 times a week but for different countries, different companies, and different Threat Actors.
And while everyone is focusing on a different fire and explosion Threat Actors are shifting focus, laundering money, cleaning up, or scouting new targets. Blue Team is suffocating from the sheer volume of crime while AI nerds say shit like "cybersecurity is dead" (it is, don't go into cybersecurity)
tl;dr it's the cycle of life
>Hacking is illegal and for nerds
>"Uhm, actually, hacking isn't illegal. Hac....."
SILENCE NORMIE
hey NZXT, i'm exploring your gaming pcs. i see your player 3 model only has 2tb of storage.
is it possible to add an additional 9,998tbs of storage to it? how much would that cost?
I'm trying to download this Chinese government super computer leak thingy. It's 10pb (10,000 Terabytes).
However, my computer only has 10TB of storage.
I went to Amazon and tried ordering some hard drives. The largest size available for bulk purchase was 12TB.
They asked how many I needed, I said I needed about 834. My total price was $275,211.66 + tax and shipping.
Then these jerks have the NERVE to say "OhhHh wE CanT MaiL yoU 834 12TB DrIveS"
WHY IS AMAZON CENSORING ME? I THOUGHT THIS WAS AMERICA
AI is amazing. I am extremely pro-AI
1. It has lowered the barrier of entry for programmers, resulting in hundreds upon hundreds of slop applications vulnerable to everything. This is job security.
2. AI influencers keep saying AI is going to destroy cybersecurity. This is good. AI influencers don't understand the size and scope of cybersecurity, they think it's just smashing a keyboard and making cat noises. This makes people less likely to enter our field, making us more valuable, making us more money. It's job security. Keep telling people cybersecurity is dead.
3. It's given us a new area of research: AI security
4. It's made task automation easier with slop Python scripts.
In summary, cybersecurity is dead. DO NOT try to work in this field. It's all over. Cybersecurity has been solved!
Ah yes, 10PB of data is on sale on Breached with sample data on Mega
Goofy ass CNN
Iran wants to be paid in cryptocurrency for ships that pass through the Strait of Hormuz
https://www.ft.com/content/02aefac4-ea62-48db-9326-c0da373b11b8
The sheer volume of malware reports is suffocating. If a noob sat down and read the reports everyday, within a month they'd go from noob to big brain galaxy malware nerd
It would also require immense focus because it'd be a lot of reading
In 2025 science was conducted. After careful review, we determined it takes 3 ½ thingies of mayonnaise to fill up a Dell Optiplex.
New science must be performed. Mayonnaise is too expensive, we need to know how many thingies of Ranch dressing can fill a Dell.
Previous science:
Average United States citizen age 30 - 39 (he's literally me)
Last time on Dragon Ball Z:
The United States government threatened to destroy Iranian critical infrastructure, notably bridges and electrical grids.
Today the Iranian government responded by publishing (an incredibly dramatic) video threatening United States tech bros
Analysis from eSentire:
https://www.esentire.com/blog/stx-rat-a-new-rat-in-2026-with-infostealer-capabilities
CPU-Z and HWMonitor nerd (d0cTB) put out a statement.
Compromise was present for approx. 6 hours. This is an extremely short period of time.
Also, extremely fast response by the nerds at cpuid.
Mr. Titus Tech is correct. cpuid-dot-com is indeed delivering malware right now.
As I began poking this with a stick I discovered this is not your typical run-of-the-mill malware. This malware is deeply trojanized, distributes from a compromised domain (cpuid-dot-com), performs file masquerading, is multi-staged, operates (almost) entirely in-memory, and uses some interesting methods to evade EDRs and/or AVs such as proxying NTDLL functionality from a .NET assembly.
The C2 domain present in one of the binaries is a clear IoC. This is the same Threat Group who was masquerading FileZilla in early March, 2026. They've been busy.
I made a series of posts similar to this one designed to illustrate how astronomically absurd 10pb of data is.
It (somehow) transformed into a bunch of stinky nerds arguing about storage costs, architectural requirements, local storage vs. cloud storage, etc.
I need 10,000 Terabytes of storage to review this Chinese super computer leak thingy. Amazon won't mail me 834 12TB hard drives at $275,211.66 + tax and shipping.
Someone advised I go an alternate route and use 8gb USB sticks. They're cheaper and more readily available. Brilliant.
If my math is correct, I'll need about 1,280,000 8gb USB sticks. Simple.
However, BestBuy and Amazon won't let me purchase 1,280,000 8gb USB sticks. WHAT IS GOING ON?!? WHY NOT?
Even ChatGPT is trying to CENSOR me
oHhH yOu DoNt bUy 10 PetaByTeS thAt iS EntErPriSe teRRiTory
DON'T TELL ME HOW TO LIVE MY LIFE CHATGPT
"According to reporting by Bloomberg, about half of the data centers slated to open in the US in 2026 will either face delays or outright cancellations."
Each year more people die from Shark Attacks than Cyber Attacks.
Do not be afraid of the internet
Chinese government super computer (allegedly) compromised and (allegedly) 10PB exfiltrated.
The source is CNN.
Something about this story is very strange to me. I've been doing cybersecurity stuff for a long, long time. I'm usually on top of most cybersecurity incidents, whether I discuss it publicly or not, yet I have not heard of this story and I have not seen the moniker "FlamingChina" before.
Furthermore, none of my colleagues have mentioned this compromise to me.
I'm very curious who these cybersecurity experts are who they cite in the article.
I'm also very curious about the 10 PETABYTES of data exfiltrated because that is an unfathomable number.
10PB is 10,000 TB. Even in cold storage that's roughly $43,000/month. If it's "hot storage" you're looking at something like $150,000/month, and that doesn't even include the fees for moving the data, which would be ASTRONOMICAL.
Very very strange
Microsoft suspended the developer account for WireGuard (and also VeraCrypt).
Why? Literally nobody knows. Presumably it's because Microsoft hates everyone and wants us all to suffer.
Big news for the unemployed today, as an anonymous source tells media outlets about CIA tool "Ghost Murmur". GHOST MURMUR was allegedly used to track down the United States airmen who the Iranian government shot down.
"Ghost Murmur is a classified CIA tool developed by Lockheed Martin's Skunk Works. It uses long-range quantum magnetometry to detect the faint electromagnetic signature of a human heartbeat from up to 40 miles away, then pairs that data with AI to isolate it from background noise."
Do you have any idea how faint a heartbeat is? Detecting it from 40 MILES away? Using .. AI?
Nice propaganda, CIA
> post meme, memeing ai
> ai bros go spazzo
> seem incapable of understanding humor
> "this isnt real"
> "grok, is this real?"
> "mine doesnt do this"
> "what prompt did you use?"
Believe it or not, this was peak AI summarization. This is basically AGI
also, on the forreal though, it was an honest mistake, you could have just told me or something, i would have happily corrected it like i am now, you dont gotta be a dick about it, assholes
sheesh