vxunderground | Unsorted

Telegram channel vxunderground - vx-underground


The largest collection of malware source, samples, and papers on the internet. Password: infected https://vx-underground.org/


vx-underground

> be Zuckerberg
> needs AI everywhere (apparently)
> lays off a bunch of employees
> replaces with AI
> fast forward
> AI is dog shit
> AI tricked into stealing accounts
> try to fix
> fail like 5 times
> product now leaking CEO's PII

AI truly is the future, wow

vx-underground

Meta is still having some minor security problems. Instagram is currently exposing phone numbers and email addresses associated with accounts when trying to perform a password reset.

This is cool and badass because everyone is sharing Mark Zuckerberg's phone number right now.

vx-underground

Ah ha! I've got an idea! I cover every inch of the website with big dick pill advertisements.

vx-underground

> see someone discussing position independent code
> "no need to walk peb"
> look inside
> invokes VirtualQuery
> ???

vx-underground

In other news, MalwareTechBlog released a Comodo Internet Security exploit.

It's a remote DoS

I love all these silly shenanigans

https://malwaretech.com/2026/06/exploiting-a-remote-kernel-vulnerability-in-comodo-internet-security.html

vx-underground

Microsoft introduces Microsoft Scout, also known as Autopilot.

Scout is always on and has file system and application access "based on your corporate policy".

Best news for Threat Actors in a long time

https://www.microsoft.com/en-us/microsoft-365/blog/2026/06/02/introducing-microsoft-scout-your-always-on-personal-agent/

vx-underground

Pretty slow couple of days in cybersecurity, only 15 companies hit by ransomware, only 18,000,000 malwares noted in the wild, only three or four North Korean and Russian cyber operations discussed, and only two new Microsoft 0days

vx-underground

Yeah, so pretty much this guy is releasing an exploit in solidarity with Nightmare Eclipse guy. He said he notified GitHub about the exploit 60 minutes before releasing this paper.

I don't do web stuff, and I'm not a VSCode nerd, so I'm confused by the underlying technologies.

If you're a stinky GitHub and VSCode nerd maybe you'll understand.

tl;dr click github dev, github dev opens editor, in github dev editor have javascript, javascript does shortcuts automatically. github treats javascript shortcuts as real human input, or something. use javascript shortcut stuff to automatically install vscode extension. the vscode extension steals your data

tl;dr tl;dr user clicks 1 link, 1 click steals all data from your github

https://blog.ammaraskar.com/github-token-stealing/

vx-underground

It's funny. Last night I was going pee-pee and I had an idea for a schizo post that would be written something like, "Just got off the phone with the CEO of malware (Satya Nadella). He said don't even trip, dawg, we've got tons of new features coming to the Windows ecosystem so you and your group of nerds can continue to discover new things to abuse".

The idea then was posting it with a picture of a cat on a cell phone.

I didn't post it because I was like, "Nah, Microsoft is having a bunch of problems right now, no way Satya Nadella gives the approval to add more gumpie to their slermie frumpy machines".

I was wrong. He has plenty of gumpies for the slermies.

vx-underground

Hello, I'm sorry to the people I kept hanging. I'm dealing with my baby right now.

I'll be doing a little write-up later today and sharing it on vx-underground if you want to read it yourself.

In summary, the FOIA request discusses a high level summary of SolarWinds malware payload and a few government employees who were targeted provide some information on stuff. It also unveils some cool and badass secret government code names.

I did not place the FOIA request. Although FOIA requests can be made public, for reasons I don't understand the person who initially placed it didn't make it explicitly public (unless I missed something, somewhere).

It was fun reading it. Moving forward I may archive FOIA stuff related to cybersecurity.

I've been really behind on many things. Working from home and having a 14-month-old is challenging. I am hoping when he starts school in a few years I will have more free time (around 2030?).

vx-underground

This is a very silly photo.

WeezerOSINT shared a photo of someone speaking with Instagram Trust & Safety. They told him what he is describing is "impossible" and denied the existence of the AI bug thing.

"It doesn't exist, nerd. AI is never wrong" - Zuckerberg, probably

vx-underground

Fuck Bricks and Minifigs

vx-underground

Silly emulation gunk: https://tria.ge/260531-gepdbsas8t/behavioral2

vx-underground

This is beautiful.

The kids are finding FREE MALWARE and understand the beauty of free malware.

Thank you, Skinpack.

vx-underground

A long long time ago, when I first got into malware, I met a kid who was a little older than me who, by all standards of measurement, was significantly more intelligent and gifted than me.

He made me feel like a moron.

Very quickly he established a reputation on IRC for being "the guy", despite being like, 16. His parents were financially well off and extremely supportive and sent him to DEFCON. He had a really great PC setup. He had it all lined up. He was destined for an amazing and strong career in information security. I was extremely envious of him because he also had a super pretty girlfriend while somehow being a massive nerd. His parents bought him a car. In my eyes he had it all.

On my side, I had some old piece of crap computer. I didn't even have a computer chair, I used some ghetto dining room table chair made from janky wood. It was all beat up and yucky.

I struggled learning C. On IRC I was basically the village idiot and memed all the time (although in good jest). My friend would become frustrated with me because of how slow I learned.

I was a poor kid. I wasn't like, poor-poor like, homeless or whatever, but his parents had significantly more money than mine and were capable of providing for their son in ways my family could not.

I'm not entirely sure what happened because, despite him learning faster, retaining more information, having more resources, having amazing opportunities, ... he threw it away. I have no idea why. He lost his focus somehow and ended up working at a restaurant for a little bit as a server. He later worked at a mall kiosk.

I ended up being the successful one. I ended up having an amazing career in cybersecurity. I ended up knowing far more than him.

Sometimes I reflect on it and it blows my mind. I only surpassed him because I had endurance and was willing to continue the grind.

He had everything on a silver platter. He had so many amazing opportunities. He could have gone so far, he was so incredibly gifted and smart.

I have no idea what he was thinking to make him squander it all.

I guess the moral of the story is that turtle and the rabbit thingy has truth to it.

vx-underground

I considered sharing the screenshot, but from what I've seen and heard, Instagram are severing the heads of people who post Mark's phone number. I've seen a few X accounts get suspended.

Silly shenanigans indeed

vx-underground

I've got a Backstreet Boys song stuck in my head I haven't heard since 1999.

vx-underground

My goofy ass website gets 142,000 +/- unique visitors a month. Dawg, I have GOT to find a way to monetize this without dropping to my knees and begging like a dirty scoundrel on the internet.

I've worked on this gunkie slermie every day for 7 years. I gotta do something.

vx-underground

The people crave malware and malware accessories

vx-underground

This thing can have full access to your file system and is always on.

I can't imagine a better thing to abuse on Windows. Imagine all the cool malware and system components we can abuse, oh my lord

vx-underground

Oh, and only 32 supply chain attacks

vx-underground

I was sniffing around trying to learn more about this FOIA (Freedom of Information Act) gumpy I found on the internet.

*I didn't find it, someone else found it and sent it to me

It's from Bloomberg and (currently) behind a paywall as part of their "FOIA News", or whatever silly name they're calling it to make it interesting.

> lists victims (but redacted)
> interviews witnesses
> big shenanigans
> solarwinds was precise in what doing
> nicknamed "Lazy Fortnite" by government (???)
> victim 1 is v v v important

https://assets.bwbx.io/documents/users/iqjWHBFdfxIU/ry9xLM9wJMxA/v0

vx-underground

After seven years of discussing malware, collecting malware, archiving malware, writing malware, reversing malware, reading about malware, and searching for malware, ... my brain is deep fried like some gump.

When I made this website and social media profile, I was initially very formal, I used dark-art, I tried to be all professional.

Fast forward seven years and I'm writing incomprehensible nonsense and spamming pictures of cats. I'm unironically thinking things like, "Microsoft confirmed their glumpies got slermied. The goop detonated on the frumpest was written by Russian gwumpnessicas".

I have no idea what this website is doing to my brain, bro. My mind is slowly imploding.

vx-underground

As someone who enjoys malware and malware accessories, I for one believe this to be incredible news and I applaud Satya Nadella for this

As someone who deals with malware defensively, I for one believe this is terrible news and I hate Satya Nadella so much right now it's unreal

vx-underground

I have something to share, but it would be such an absurdly long write-up I'm not sure if it's even worth it.

tl;dr FOIA (Freedom of Information Act) request on the SolarWinds compromise. Government sharing details on SolarWinds compromise and impact

vx-underground

Instagram still hasn't (correctly) patched their AI goop account reset thingy. Accounts are still being stolen and Instagram hasn't said anything about it. Nerds continue to find ways to convince AI to reset accounts for them.

People on social media are freaking out because some of these profiles apparently are big sources of revenue for them.

Meanwhile, rumors are floating around that a few weeks ago Instagram laid off a large percentage of their Trust & Safety department and had it replaced with AI.

Very cool

vx-underground

As I'm sure you've all seen by now, nerds have been exploiting Meta's AI agent goop to steal Instagram accounts.

The Instagram AI agent for support could be convinced to reset the credentials to other users' accounts by asking nicely and doing a super gnarly kickflip on a skateboard, or something, I don't know.

Everyone on social media was freaking out. The trending posts on Xitter were people being all like ERRMERGERD ME INSTAGRAM ACCNT WAS STOLEN. It also resulted in some celebrities having their accounts stolen. One stolen account showed some rapper named Lil Tracy (?) messaging 14 year olds, or something, despite being 18 at the time.

All the big cybersecurity nerds were discussing it, yelling about AI, taking the opportunity to meme Zuckerberg (as is tradition).

The AI exploit thingy has apparently existed for a while, a few months apparently, but that is kind of just gossip. I haven't seen any solid proof of that. Meta supposedly fixed the issue, but some people are saying you can still ask nicely and do a super gnarly heelflip and Instagram goop gives you account resets.

Cool stuff bro, it's AI, it's lit

pic unrelated

vx-underground

Yesterday I got a funny DM. s00pcan said some AI slop is automatically forking his Linux open-source projects and adding goofy ass ReadMe files to look all fancy. The primary difference though is the ReadMe includes a "download here" link which delivers a .zip file.

The .zip file contains cool and badass malware. The malware is also free. Yay

This is a campaign which has been identified by various AV vendors since April 2026. It is attributed to StealC.

In this particular instance though it is very, very silly. The exact mechanic in which this StealC group is using to automagically fork projects on GitHub, insert bogus ReadMe files, etc. is unknown. Clearly it is AI generated. However, this group failed to account for all edge cases because ... this is malware developed for Windows ... but it is from a Linux audio driver fork.

This is yet again, however, a use case of AI in malware campaigns. StealC has been around forever and clearly isn't AI slop. However, Threat Actors are using AI to generate fancy schmancy ReadMe files. Very cool. Thank you, Mr. Smart GPU-thingy.

The following GitHub I'll be linking is giving FREE malware. Visiting the page won't give you the free malware. At the top of the ReadMe is a "Download" section with a hyperlink to "pcie_dante_snd_v1.4".

If you care what this payload does:
Inside this .zip file is "Application.cmd", "dir-dot-cc", "lua51.dll", and "loader.exe".

Application.cmd is a command-line file; it launches loader.exe. Loader.exe is responsible for loading the "dir" file. Loader.exe is dependent on lua51.dll because the "dir" file is a GIANT obfuscated Lua file.

I hate Lua and I hate dealing with obfuscated Lua, I refuse to be a victim of Lua, so instead of trying to bonk it with a stick I emulated it. Unsurprisingly, the malicious Lua file tries to harvest credentials from Chrome and exfiltrate them to a remote host.

Free malware: github-dot-com/mbyington67-prog/snd-dante-pcie/tree/master

tl;dr ai slopping and forking github, delivers malware that uses obfuscated lua, i like cats a lot
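The loader layout described in the post (a .cmd launcher, loader.exe, lua51.dll and a large extensionless "dir" Lua blob) is a useful triage signature on its own, before anyone has to touch the obfuscated Lua. The following is an added example written for this page, not vx-underground's code and not taken from the sample; it builds two archives in memory with constructed contents (the file names mirror the post, the bytes are placeholders) and flags the one that carries the full loader chain. The size threshold for "giant" and the alternate lua5.1.dll name are assumptions.

```python
"""Archive-triage heuristic for the Application.cmd -> loader.exe -> lua51.dll -> 'dir' chain.

Added example, not vx-underground's code or the sample's. Archives below are constructed
in memory with placeholder bytes; nothing here is executed, only the listing is inspected.
"""
import io
import os
import zipfile
from typing import Dict, List

LUA_RUNTIME_DLLS = {"lua51.dll", "lua5.1.dll"}  # second name is an assumption (same 5.1 runtime)
LAUNCHER_EXTS = {".cmd", ".bat", ".vbs", ".js", ".ps1"}
BLOB_MIN_SIZE = 32 * 1024  # "GIANT" extensionless payload; threshold is an assumption


def triage_archive(data: bytes) -> Dict[str, object]:
    """Return the loader-chain indicators present in a zip and an overall verdict."""
    found: Dict[str, List[str]] = {"launcher": [], "executable": [],
                                   "lua_runtime": [], "extensionless_blob": []}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = os.path.basename(info.filename).lower()
            _, ext = os.path.splitext(name)
            if ext in LAUNCHER_EXTS:
                found["launcher"].append(name)
            elif ext == ".exe":
                found["executable"].append(name)
            elif name in LUA_RUNTIME_DLLS:
                found["lua_runtime"].append(name)
            elif ext == "" and info.file_size >= BLOB_MIN_SIZE:
                found["extensionless_blob"].append(name)
    # The chain needs a native loader plus the Lua runtime, started by a script
    # or fed an extensionless blob; any one file alone is not enough to call it.
    chain = bool(found["executable"]) and bool(found["lua_runtime"]) and (
        bool(found["launcher"]) or bool(found["extensionless_blob"]))
    result: Dict[str, object] = dict(found)
    result["verdict"] = "suspicious" if chain else "clean"
    return result


def build_sample_archive(loader_chain: bool) -> bytes:
    """Construct a zip in memory: either the loader layout from the post or a plain source tree."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        if loader_chain:
            zf.writestr("pcie_dante_snd_v1.4/Application.cmd", "@echo off\r\nrem placeholder\r\n")
            zf.writestr("pcie_dante_snd_v1.4/loader.exe", b"MZ" + b"\x00" * 62)   # not a real PE
            zf.writestr("pcie_dante_snd_v1.4/lua51.dll", b"MZ" + b"\x00" * 62)    # not a real PE
            zf.writestr("pcie_dante_snd_v1.4/dir", b"\x00" * (64 * 1024))          # stand-in blob
        else:
            zf.writestr("snd-dante/README.md", "# driver\n")
            zf.writestr("snd-dante/snd_dante.c", "/* source */\n")
            zf.writestr("snd-dante/Makefile", "all:\n")  # extensionless but tiny
    return buf.getvalue()


if __name__ == "__main__":
    for label in (True, False):
        print(label, triage_archive(build_sample_archive(label))["verdict"])
```

Only the central directory is read, so the archive is never extracted; on a real sample you would hand the flagged archive to sandbox or emulation rather than running anything in it.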

vx-underground

Hello

I have added more malware to the malware collection place. I have added 150,000 malwares and a bunch of malware reversing papers coupled with malwares.

Please download the malware.

vx-underground.org/Updates

vx-underground

Hello,

If you're a person who enjoys malware and/or knows Python and wants to see malware that targets STEAM and GAMERS, I have the source code to a malware I have named "Stealer.Python.GMBA.Manipulator".

This malware was originally noted on Xitter from GMBA.

In summary, this Python malware kills the Steam process and relaunches it with the "-cef-enable-debugging" flag. Because Steam is a Chromium app, this allows the malware payload to manipulate Steam web pages with WebSocket gunk and JavaScript gunk.

This malware can "modify" user inventories, "block users", etc. It is all a facade designed to trick and social engineer Steam users into giving their expensive Counter Strike stuff to them.

It appears to be written using AI. Regardless of that fact this malware is creative and I like it.

The malware source code to this can be found under the "/Python/" directory. It is named "Stealer.Python.GMBA.Manipulator.7z".

This malware campaign is still active and the C2 is still live. If you execute the __main__.py file you might cook yourself, so be careful. Alternatively, you can run this in a VM and send the malware campaign authors pictures of Goatse.

https://github.com/vxunderground/MalwareSourceCode
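The relaunch trick in this post leaves an obvious trace in process-creation telemetry: steam.exe starting with -cef-enable-debugging on its command line, usually with a script interpreter as its parent. The following detection helper is an added example written for this page, not vx-underground's code and not part of the sample; it assumes records with pid, image, command_line and parent_image fields (the shape of Sysmon Event ID 1 or comparable EDR data) and the records it scans are constructed.

```python
"""Process-creation detection for steam.exe relaunched with -cef-enable-debugging.

Added example, not vx-underground's code or the sample's. Field names assume
Sysmon Event ID 1 style records; SAMPLE_RECORDS are constructed.
"""
import os
from dataclasses import dataclass
from typing import Iterable, List, Optional

DEBUG_FLAG = "cef-enable-debugging"
# Parents that mean a script relaunched Steam rather than the user or the Steam client itself.
SCRIPT_PARENTS = {"python.exe", "pythonw.exe", "cmd.exe", "powershell.exe", "pwsh.exe",
                  "wscript.exe", "cscript.exe"}


@dataclass
class Finding:
    pid: int
    severity: str
    reason: str


def _basename(path: str) -> str:
    """Lower-cased file name from a Windows or POSIX path."""
    return os.path.basename(path.replace("\\", "/")).lower()


def has_cef_debug_flag(command_line: str) -> bool:
    """True if any argument is -cef-enable-debugging (any dash count, any case, quoted or not)."""
    for token in command_line.split():
        if token.strip("\"'").lstrip("-").lower() == DEBUG_FLAG:
            return True
    return False


def evaluate(record: dict) -> Optional[Finding]:
    """Score one process-creation record; None means nothing to report."""
    if _basename(record.get("image", "")) != "steam.exe":
        return None
    if not has_cef_debug_flag(record.get("command_line", "")):
        return None
    parent = _basename(record.get("parent_image", ""))
    if parent in SCRIPT_PARENTS:
        return Finding(record["pid"], "high",
                       f"steam.exe relaunched with -{DEBUG_FLAG} by {parent}")
    # A user could pass the flag by hand, so this is still worth a look, at lower confidence.
    return Finding(record["pid"], "medium", f"steam.exe started with -{DEBUG_FLAG}")


def scan(records: Iterable[dict]) -> List[Finding]:
    """Evaluate every record and keep only the findings."""
    return [f for f in map(evaluate, records) if f is not None]


# Constructed telemetry: a benign launch, a scripted relaunch, a manual relaunch,
# and an unrelated Chromium process carrying its own debugging switch.
SAMPLE_RECORDS = [
    {"pid": 4120, "image": r"C:\Program Files (x86)\Steam\steam.exe",
     "command_line": '"C:\\Program Files (x86)\\Steam\\steam.exe"',
     "parent_image": r"C:\Windows\explorer.exe"},
    {"pid": 5588, "image": r"C:\Program Files (x86)\Steam\steam.exe",
     "command_line": '"C:\\Program Files (x86)\\Steam\\steam.exe" -cef-enable-debugging',
     "parent_image": r"C:\Users\victim\AppData\Local\Programs\Python\Python312\pythonw.exe"},
    {"pid": 6012, "image": r"C:\Program Files (x86)\Steam\steam.exe",
     "command_line": "steam.exe --CEF-Enable-Debugging",
     "parent_image": r"C:\Windows\explorer.exe"},
    {"pid": 7300, "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "command_line": "chrome.exe --remote-debugging-port=9222",
     "parent_image": r"C:\Windows\explorer.exe"},
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_RECORDS):
        print(f"pid={finding.pid} severity={finding.severity} {finding.reason}")
```

The parent check is what separates the campaign from a developer poking at Steam's embedded browser by hand; in a real deployment the same rule would also want the preceding steam.exe termination event as corroboration, since the post describes a kill-then-relaunch sequence.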
