vx-underground
The largest collection of malware source, samples, and papers on the internet. Password: infected https://vx-underground.org/
Show more39 731
Subscribers
+3424 hours
+4217 days
+1 79830 days
- Subscribers
- Post coverage
- ER - engagement ratio
Data loading in progress...
Subscriber growth rate
Data loading in progress...
There is an interestingly psychological phenomena whereas some Threat Actors, particularly scammers and fraudsters, falsely believe having money will make them respectable or make people like them.
Money means nothing. Materialism does not impress people β only the shallow.
β€ 9π 2π― 2π 1
ZachXBT continues to prove himself as a world leading expert in crypto analysis. It is remarkable how a single person can make such a profound impact.
He gave law enforcement everything they needed on a silver plate. He got them busted in less than 2 months.
tl;dr speedrun
Attached PDF is from Twitter. It is how he got 2 crypto thieves arrested for stealing $230,000.
zachxbt.pdf2.44 MB
β€ 12π€ 4π€£ 1
There is no information on the impact to customers. We don't believe clients money is gone β this isn't an attack against SWIFT. We presume this to be an attack against the institutions internal financial documents and employees.
However, we could also be completely wrong.
π€ 17π€£ 5π’ 2π 1
RansomHub ransomware groups claims to have ransomed Liberty First Credit Union.
Liberty First Credit Union is a small to medium sized credit union (not-for-profit bank) located in Omaha, Nebraska.
π€£ 27π’ 8π 4
Photo unavailableShow in Telegram
> OMG John Hammond's proof-of-concept trick is being used by Lumma stealer!!!
Us, with a giant library of malware source code and malware builders:
π€£ 79π₯ 19π 3π 2β€βπ₯ 1π’ 1
Oh and pagers and walkie talkies exploding. This does not fall into the realm of malware, or news we would typically discuss, but there is a high volume of people who believe this to be malware.
It's not malware. They snuck explosives into the devices.
Have a nice day.
β€ 74π 12π 6π€ 6π 4β€βπ₯ 1π 1
Photo unavailableShow in Telegram
Crazy Thursday.
- Dr. Web, the Russian antivirus company, disclosed a breach. Dr. Web stopped sending antivirus updates September 16th. Subsequently, Dr. Web reportedly disconnected their servers from their internal network while they investigated the suspected compromise. Dr. Web reports to have resolved the issue and has returned to normal day-to-day operations. No Threat Actor has been attributed to the compromise. They believe the compromise occurred on or around September 14th.
- Yesterday, or sometime before, GitHub users were targeted in mass by a large scale phishing and/or malware campaign. An unknown Threat Actor(s) pushed their Lumma Stealer campaign by leaving bogus issues on GitHub projects. When the project owner visited the issue, the issue linked to a domain titled 'GitHub-Scanner'. GitHub-Scanner requested the visitor prove their humanity (e.g. not a robot) by doing Windows + R and Windows + V + ENTER. When the site is visited, the website copies malicious code to the users clipboard. Windows + R, opening Windows Run, and Windows + V, pasting the malicious code to the Run window and ENTER would run the code, this would trick the user into executing their malware payload. Once the payload is executed, it downloads a file called 'IE6.exe'. IE6.exe is Lumma information stealer. While it is a clever trick, the Threat Actor(s) (intentionally, or unintentionally) did not account for users who are not running Windows. This caused confusion for non-Windows users, or users on mobile devices.
π€£ 77π€― 17π 14β€βπ₯ 3β€ 2π’ 1
If you're curious what pain looks like:
https://samples.vx-underground.org/tmp/prankware.txt
π₯° 29π’ 8π€£ 8π€ 5π€― 4π 4π 2π₯ 2
Photo unavailableShow in Telegram
> have prankware idea (non-malicious malware?)
> write simple poc
> it works.png
> decided to rewrite it 1337 coo w/ no dependencies
> ...
> 841 lines of c++ later
> nowhere near done
π 71π’ 12π₯ 8π 5β€ 3β€βπ₯ 2π 2π― 1
Just another day on Twitter
Photos via ZachXBT
π€£ 122π«‘ 18π 9β€ 5π± 2π’ 2π 1
Choose a Different Plan
Your current plan allows analytics for only 5 channels. To get more, please choose a different plan.