vxunderground | Unsorted

Telegram channel vxunderground - vx-underground

The largest collection of malware source, samples, and papers on the internet. Password: infected https://vx-underground.org/

vx-underground

1 year olds are far more exhausting than 6 month olds.

Parents warned me. They were correct.

Bro HAS to put ALL FOOD on his head.

- Beans
- Soup
- Mac and Cheese
- Strawberries
- Blueberries

If he doesn't rub it on his head, or eat it, he throws it on the floor.

I'm tired.

vx-underground

Dear Threat Actors,

I typically do not reply on weekends. I am busy doing stuff with my 1 year old son. Please send your e-mails during regular business hours M-F so I have an opportunity to send silly pictures of kitty cats.

Thanks,
-smelly

vx-underground

For the record, I'm not mad at this person or bothered by the comment.

The extreme hostility from what I believed to be a relatively benign clip made me audibly laugh.

Bro DOES NOT like LTT.

vx-underground

I guarantee you half you stinky nerds reading this right now have consumed more than 200mg and it's only noon (in parts of the United States).

I'm sorry to her parents, I'd be devastated, but 200mg of caffeine is nothing

vx-underground

I don't care what those nerds at Kaspersky say, I stand by my opinion STX Rat is a solid B- malware.

Yeah, the cpuid-dot-com operation was a gigantic fumble, but the malware is pretty neat, far superior to the generic crimeware you find online.

I'm happy LTT included the cat

vx-underground

The United States economy is doing so bad financially motivated Threat Actors don't even want to steal from us Ameriburgers anymore. They're stealing from Mexicans now :(

vx-underground

Chat, I've changed my mind. We have some problems in the AI department.

It turns out someone compromised the Mexican government to an unbelievable extent using nothing but Claude and ChatGPT. I'll link the full paper in the subsequent post. However, here are the highlights of how an unknown Threat Actor "vibe hacked" the Mexico government.

Data stolen from...
1. SAT (Servicio de Administracion Tributaria) - Federal tax authority:
- 195 million taxpayer records
- 52 million directory records

2. Estado de Mexico - State government:
- 15.5M vehicle registry records
- 3.6M property owner records

3. Registro Civil de CDMX - Mexico City civil registry:
- 220M civil records

4. Jalisco state government:
- 50K patient records
- 17K domestic violence victim records
- 36K healthcare employee records
- 180K digital government records

5. INE (Instituto Nacional Electoral) - National electoral institute:
- 13.8K voter card records

6. Michoacan state government:
- 2.28M property records
- 2K user accounts with plaintext passwords

7. SADM Monterrey (Agua y Drenaje) Municipal water utility:
- 3.5K procurement and vendor records
- 5K procurement bid records

vx-underground

I woke up this morning curious as to what my peers had discovered about this cpuid shenanigans. I was not disappointed.

Several of my peers ripped this thing apart much more thoroughly than I did. I am immensely impressed by how neurotic some of you are when bonking malware with sticks (N3mes1s).

To make a long story short, the cpuid-dot-com compromise, CPU-Z malware, and HWMonitor malware campaign was performed using "STX Rat". STX Rat is a new malware family discovered around early March, 2026, and has been gaining some traction.

Interestingly, a really in-depth analysis of it was published April 8th, 2026 by eSentire (I'll link in subsequent post, research was performed by YungBinary). From my super quick bonking I was correct this cpuid malware campaign does indeed steal credentials. However, what I missed was that it also allows the Threat Actor remote desktop capabilities into your machine.

I also missed some of its unusual hashing capabilities, .db Powershell persistence method, ... and some other really cool malware technologies it utilizes. This is NOT trash malware. The people who wrote this very clearly know what they're doing.

Very interesting stuff

vx-underground

Yeah, so pretty much this http://cpuid.com malware is a pain in the ass. I'd have to spend a good bit of time trying to bonk it with a stick and reconstruct some of it. Whoever developed this malware actually cares about evasion and made some intelligent decisions when developing this malware payload.

This appears to only impact HWMonitor 64bit. It appears (based on user reports) cpuid became malicious around 7PM EST, April 10th, 2026. However, it is possible it was much earlier than this, this is just when people began noticing and discussing it online.

From an extremely high-level overview, it appears the ultimate goal of this malware is data theft, specifically browser credentials. However, I could be wrong in that assessment, but I'm fairly confident in it. I'm guessing this is the end goal because when I emulated it I can see it messing with Google Chrome's IElevation COM interface (trying to dump and decrypt saved passwords). However, between this it does a bunch of other stuff too.

1. They (an unknown Threat Actor) compromised http://cpuid.com to deliver malware from HWMonitor. It impacts the actual installer as well as the portable installer. It downloads stuff from supp0v3-dot-com, the same domain used from a previous malware campaign targeting FileZilla in the beginning of March, 2026 initially reported by MalwareBytes.

2. HWMonitor comes packaged with a malicious CRYPTBASE.dll. CRYPTBASE.dll is a legitimate Windows library, but they made a fake one to blend in (malware masquerading). This DLL is responsible for connecting to their C2 and downloading the other malware stages.

3. It tries to detect emulation and prevent reverse engineering by checking for the presence of specific registry keys on the machine. However, they failed doing this and didn't account for everything. Notably, they only check for VirtualBox (whomp, whomp).

4. It downloads a .cs file from a remote C2 and then compiles it manually on the machine by invoking .NET stuff. This is an interesting strategy. It does all of this via Powershell (LOLBIN nonsense).

5. The .cs file it compiles is a .NET binary with NTDLL exports. The main HWMonitor binary performs process injection using this compiled .NET binary. This is an interesting strategy.

6. Almost everything it does is performed in-memory. I would have to go through this and manually bonk all of this stuff with a stick and determine precisely how it operates. However, I don't think that is necessary because at this point we know this is malware and we know it's trying to steal browser credentials.

+2 points for IElevation COM Interface credential dumping
+1 point for inline Powershell CLI DLL compilation
+1 point for .NET assembly NTDLL export proxying
-1 point for botched anti-emulation
+2 points for website compromise and supply chain attack
+1 point for memory persistence
-3 points for recycling the same C2 from March, 2026 campaign

Overall I give this malware a B-. This is pretty good malware.

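The post above lists three observables a defender can key on: a fake CRYPTBASE.dll shipped next to HWMonitor (item 2), PowerShell compiling a downloaded .cs file on the box (item 4), and traffic to the supp0v3 domain (item 1). The script below is an added example, not vx-underground's or eSentire's code, that runs those three checks over a handful of constructed endpoint events. Assumptions: the event schema (image_load / process_create / dns_query dicts) is hypothetical, the process name HWMonitor.exe and all file paths in the sample events are made up for the example, and the "PowerShell spawns csc.exe" rule relies on Windows PowerShell's Add-Type invoking the .NET C# compiler, which is how in-line compilation normally surfaces in process telemetry.

```python
"""Constructed telemetry plus three detections for the HWMonitor / STX Rat chain."""
from typing import Callable, Optional

# Directories where the genuine Windows CRYPTBASE.dll lives (assumption: default install).
SYSTEM_DLL_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")

# Domain the post names as the C2 (written there defanged as supp0v3-dot-com);
# the bare domain and any subdomain of it are flagged.
C2_WATCHLIST = {"supp0v3.com"}

# Windows PowerShell's Add-Type hands C# source to csc.exe, so a compiler appearing
# as a child of PowerShell is the observable for "download a .cs file and compile it".
COMPILERS = {"csc.exe", "vbc.exe"}
SHELLS = {"powershell.exe", "pwsh.exe"}


def _basename(path: str) -> str:
    return path.lower().rsplit("\\", 1)[-1]


def dll_masquerade(ev: dict) -> Optional[str]:
    """Post item 2: CRYPTBASE.dll loaded from anywhere but the Windows system dirs."""
    if ev["type"] != "image_load":
        return None
    image = ev["image"].lower()
    if _basename(image) == "cryptbase.dll" and not image.startswith(SYSTEM_DLL_DIRS):
        return f"{ev['process']} loaded CRYPTBASE.dll from non-system path {ev['image']}"
    return None


def powershell_compile(ev: dict) -> Optional[str]:
    """Post item 4: PowerShell spawning the .NET compiler."""
    if ev["type"] != "process_create":
        return None
    if _basename(ev["parent"]) in SHELLS and _basename(ev["image"]) in COMPILERS:
        return f"{_basename(ev['parent'])} spawned compiler {ev['image']} ({ev['cmdline']})"
    return None


def c2_contact(ev: dict) -> Optional[str]:
    """Post item 1: DNS lookup of the watchlisted C2 domain or a subdomain of it."""
    if ev["type"] != "dns_query":
        return None
    host = ev["query"].lower().rstrip(".")
    if any(host == d or host.endswith("." + d) for d in C2_WATCHLIST):
        return f"{ev['process']} resolved watchlisted domain {host}"
    return None


RULES: dict[str, Callable[[dict], Optional[str]]] = {
    "dll_masquerade": dll_masquerade,
    "powershell_compile": powershell_compile,
    "c2_contact": c2_contact,
}


def run_detections(events) -> list[tuple[str, str]]:
    """Return (rule_name, message) for every event that trips a rule, in event order."""
    hits = []
    for ev in events:
        for name, rule in RULES.items():
            msg = rule(ev)
            if msg:
                hits.append((name, msg))
    return hits


# Constructed sample events (not real telemetry). Three are malicious, three are benign
# look-alikes so the rules can be seen to discriminate.
SAMPLE_EVENTS = [
    {"type": "image_load", "process": "HWMonitor.exe",
     "image": "C:\\Program Files\\CPUID\\HWMonitor\\CRYPTBASE.dll"},          # sideloaded fake
    {"type": "image_load", "process": "explorer.exe",
     "image": "C:\\Windows\\System32\\cryptbase.dll"},                        # genuine copy
    {"type": "process_create",
     "parent": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "image": "C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\csc.exe",
     "cmdline": "csc.exe /noconfig /t:library /out:C:\\Temp\\stage.dll C:\\Temp\\stage.cs"},
    {"type": "process_create",
     "parent": "C:\\Program Files\\Microsoft Visual Studio\\Common7\\IDE\\devenv.exe",
     "image": "C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\csc.exe",
     "cmdline": "csc.exe /t:exe app.cs"},                                     # developer build
    {"type": "dns_query", "process": "HWMonitor.exe", "query": "cdn.supp0v3.com."},
    {"type": "dns_query", "process": "HWMonitor.exe", "query": "example.com"},
]

if __name__ == "__main__":
    for rule, message in run_detections(SAMPLE_EVENTS):
        print(f"[{rule}] {message}")
```

Only the three malicious events fire, one rule each; the legitimate cryptbase.dll load, a Visual Studio build invoking csc.exe, and an unrelated DNS lookup stay quiet. The C2 match is suffix-anchored on a dot so that an unrelated domain that merely ends in the same string is not flagged.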
vx-underground

Here is a silly explanation

> company gets bamboozled
> fires, explosions, people screaming at the sky
> bystanders pointing saying "omg"
> literally screaming, crying, throwing up
> threat intel all over it
> cybercrime tmz all over it (that includes me)
> DFIR nerds come in
> DFIR contain the crime scene
> DFIR tells businesses to calm down
> DFIR tell people "nothing to see here"
> look inside
> TeamPCP
> AV vendors begin building rules
> Threat Intels say: "hmph, interesting"
> Threat Actors say: "ooga booga"
> quiet, eerily quiet
> DFIR working, AV working, lawyers lawyering
> Threat Actor probably extorting
> fire is put out, now people have to clean up mess
> no fire? no interesting
> clean up is LAME and for NOT EXCITING
> Threat Actor creep back into the shadows
> DFIR angry in quiet
> Lawyers lawyer in quiet
> Threat Intel do the internet stalking
> customers do the lawsuits
> th—
> BOOM EXPLOSION
> "wtf was that???"
> everyone turns to their left
> wh—
> NEW FIRE!! NEW EXPLOSIONS!!!
> bystanders pointing saying "omg"
> literally screaming, crying, throwing up
> threat intel all over it
> cybercrime tmz all over it (that includes me)
> DFIR nerds come in
> DFIR contain the crime scene
> DFIR tells businesses to calm down
> DFIR tell people "nothing to see here"
> look inside
> (not TeamPCP, different Threat Actor)

... and then repeat this cycle about 100 times a week but for different countries, different companies, and different Threat Actors.

And while everyone is focusing on a different fire and explosion Threat Actors are shifting focus, laundering money, cleaning up, or scouting new targets. Blue Team is suffocating from the sheer volume of crime while AI nerds say shit like "cybersecurity is dead" (it is, don't go into cybersecurity)

tl;dr it's the cycle of life

vx-underground

>Hacking is illegal and for nerds
>"Uhm, actually, hacking isn't illegal. Hac....."

SILENCE NORMIE

vx-underground

hey NZXT, i'm exploring your gaming pcs. i see your player 3 model only has 2tb of storage.

is it possible to add an additional 9,998tbs of storage to it? how much would that cost?

vx-underground

I'm trying to download this Chinese government super computer leak thingy. It's 10pb (10,000 Terabytes).

However, my computer only has 10TB of storage.

I went to Amazon and tried ordering some harddrives. The largest size available for bulk purchase was 12TB.

They asked how many I needed, I said I needed about 834. My total price was $275,211.66 + tax and shipping.

Then these jerks have the NERVE to say "OhhHh wE CanT MaiL yoU 834 12TB DrIveS"

WHY IS AMAZON CENSORING ME? I THOUGHT THIS WAS AMERICA

vx-underground

AI is amazing. I am extremely pro-AI

1. It has lowered the barrier of entry for programmers, resulting in hundreds upon hundreds of slop applications vulnerable to everything. This is job security.

2. AI influencers keep saying AI is going to destroy cybersecurity. This is good. AI influencers don't understand the size and scope of cybersecurity, they think it's just smashing a keyboard and making cat noises. This makes people less likely to enter our field, making us more valuable, making us more money. It's job security. Keep telling people cybersecurity is dead.

3. It's given us a new area of research: AI security

4. It's made task automation easier with slop Python scripts.

In summary, cybersecurity is dead. DO NOT try to work in this field. It's all over. Cybersecurity has been solved!

vx-underground

Ah yes, 10PB of data is on sale on Breached with sample data on Mega

Goofy ass CNN

vx-underground

Bro is sending me e-mails from a (extremely convincing) Police Department ON A SATURDAY.

Dawg, Saturday I am in SHAMBLES. I am trying to survive with this baby. Do you have any idea how often these things defecate and eat? It's unreal

vx-underground

Look at this and tell me God exists

vx-underground

> be me
> mentioned by LTT
> large YouTube channel
> "oh that's cool, I'm on TV"
> show the clip where mentioned
> check comments

I don't want to assume anything, but I think this person dislikes LTT and now dislikes me for being shown on his recent video.

vx-underground

Read a tragic story today about a 17 year old girl in the United States who died from "excessive caffeine usage".

I felt bad for the parents. If I lost my son I don't think I would be able to cope with the loss of my baby boy.

The story went on to explain the young woman's parents are suing the energy group company (Alani) for not adequately explaining the dangers of caffeine.

I was curious... How much caffeine was she consuming? According to her official death report she died from 200mg of caffeine

200 MG OF CAFFEINE?!

Peace and love to the parents, but dawg 200mg of caffeine isn't fucking shit. That is amateur hour. That is well within the daily recommended limit of caffeine consumption.

I DARE her parents to go to any IT place (cybersecurity, networking, programming, etc) and fucking look around the room for 2 seconds. They would be FLABBERGASTED.

I myself personally consume 600mg - 800mg of caffeine a day.

I know this lady who does malware stuff who unironically drinks coffee ALL DAY LONG. Every other word out of her mouth is, "excuse me for a moment, I need to make another pot of coffee", and she's probably ingesting 1.6 GRAMS of caffeine.

One of my colleagues is an ex-military guy WHO DRINKS WORKOUT SUPPLEMENT because his caffeine tolerance is so high.

Don't even get me started on the nerds who take no-doz (caffeine pills).

Then combine all of this caffeine with the nerds drinking alcohol, or smoking cigarettes, or weed, or vape, or Adderall.

Her parents are trying to make a cash grab or something, I don't know bro.

vx-underground

RockStar Games being extorted (again)

ShinyHunters were able to get data from Rockstar Games by compromising a third-party entity (Anodot) which allowed them to pivot to SnowFlake which allowed them to pivot to RockStar Games data.

What data they were able to get is unknown.

vx-underground

https://gambit.security/blog-post/a-single-operator-two-ai-platforms-nine-government-agencies-the-full-technical-report

vx-underground

Analysis from eSentire:

https://www.esentire.com/blog/stx-rat-a-new-rat-in-2026-with-infostealer-capabilities

vx-underground

CPU-Z and HWMonitor nerd (d0cTB) put out a statement.

Compromise was present for approx. 6 hours. This is an extremely short period of time.

Also, extremely fast response by the nerds at cpuid.

vx-underground

Mr. Titus Tech is correct. cpuid-dot-com is indeed delivering malware right now.

As I began poking this with a stick I discovered this is not your typical run-of-the-mill malware. This malware is deeply trojanized, distributes from a compromised domain (cpuid-dot-com), performs file masquerading, is multi-staged, operates (almost) entirely in-memory, and uses some interesting methods to evade EDRs and/or AVs such as proxying NTDLL functionality from a .NET assembly.

The C2 domain present in one of the binaries is a clear IoC. This is the same Threat Group who was masquerading FileZilla in early March, 2026. They've been busy.

vx-underground

I made a series of posts similar to this one designed to illustrate how astronomically absurd 10pb of data is.

It (somehow) transformed into a bunch of stinky nerds arguing about storage costs, architectural requirements, local storage vs. cloud storage, etc.

vx-underground

I need 10,000 Terabytes of storage to review this Chinese super computer leak thingy. Amazon won't mail me 834 12TB harddrives at $275,211.66 + tax and shipping.

Someone advised I go an alternate route and use 8gb USB sticks. They're cheaper and more readily available. Brilliant.

If my math is correct, I'll need about 1,280,000 8gb USB sticks. Simple.

However, BestBuy and Amazon won't let me purchase 1,280,000 8gb USB sticks. WHAT IS GOING ON?? WHY NOT?

vx-underground

Even ChatGPT is trying to CENSOR me

oHhH yOu DoNt bUy 10 PetaByTeS thAt iS EntErPriSe teRRiTory

DON'T TELL ME HOW TO LIVE MY LIFE CHATGPT

vx-underground

"According to reporting by Bloomberg, about half of the data centers slated to open in the US in 2026 will either face delays or outright cancellations."

vx-underground

Each year more people die from Shark Attacks than Cyber Attacks.

Do not be afraid of the internet

vx-underground

Chinese government super computer (allegedly) compromised and (allegedly) 10PB exfiltrated.

The source is CNN.

Something about this story is very strange to me. I've been doing cybersecurity stuff for a long, long time. I'm usually on top of most cybersecurity incidents, whether I discuss it publicly or not, yet I have not heard of this story and I have not seen the moniker "FlamingChina" before.

Furthermore, none of my colleagues have mentioned this compromise to me.

I'm very curious who these cybersecurity experts are who they cite in the article.

I'm also very curious on the 10 PETABYTES of data exfiltrated because that is an unfathomable number.

10PB is 10,000 TB. Even in cold storage that's roughly $43,000/month. If it's "hot storage" you're looking at something like $150,000/month, and that doesn't even include the fees for moving the data which would be ASTRONOMICAL.

Very very strange
