Updates to vx-underground:
Papers:
- 2023-12-11 - Mustang Pandaโs PlugX new variant targetting Taiwanese government and diplomats
- 2024-01-05 - AsyncRAT loader: Obfuscation, DGAs, decoys and Govno
- 2024-03-22 - Large-Scale StrelaStealer Campaign in Early 2024
- 2024-04-02 - Updated StrelaStealer Targeting European Countries
- 2024-06-21 - AmberAmethystDaisy to QuartzBegonia to LummaStealer
- 2024-06-24 - StrelaStealer Resurgence: Tracking a JavaScript-Driven Credential Stealer Targeting Europe
- 2024-07-10 - DodgeBox: A deep dive into the updated arsenal of APT41 (Part I)
- 2024-07-11 - Brief technical analysis of the Poseidon Stealer
- 2024-07-11 - ClickFix Deception: A Social Engineering Tactic to Deploy Malware
Families:
- ZeroT
- FlokiBot
- PlugX
- RockLoader
- StealC
- Vidar
- SmokeLoader
- Socks5Systemz
- Redline
- Enigma
- DowneksLoader
- BabadedaLoader
- BartRansomware
- Amadey
- ATMitch
Papers:
- 2023-12-11 - Mustang Pandaโs PlugX new variant targetting Taiwanese government and diplomats
- 2024-01-05 - AsyncRAT loader: Obfuscation, DGAs, decoys and Govno
- 2024-03-22 - Large-Scale StrelaStealer Campaign in Early 2024
- 2024-04-02 - Updated StrelaStealer Targeting European Countries
- 2024-06-21 - AmberAmethystDaisy to QuartzBegonia to LummaStealer
- 2024-06-24 - StrelaStealer Resurgence: Tracking a JavaScript-Driven Credential Stealer Targeting Europe
- 2024-07-10 - DodgeBox: A deep dive into the updated arsenal of APT41 (Part I)
- 2024-07-11 - Brief technical analysis of the Poseidon Stealer
- 2024-07-11 - ClickFix Deception: A Social Engineering Tactic to Deploy Malware
Families:
- ZeroT
- FlokiBot
- PlugX
- RockLoader
- StealC
- Vidar
- SmokeLoader
- Socks5Systemz
- Redline
- Enigma
- DowneksLoader
- BabadedaLoader
- BartRansomware
- Amadey
- ATMitch
๐ฅ20๐7โค4โคโ๐ฅ2
A few days ago we were alerted to Roblox 'cheaters' (we're using that term loosely) being impacted by malicious code in their 'cheat tool'.
tl;dr malicious script is malicious
The tool being used by Roblox nerds, Wave Executor, executes scripts. In the event a user intentionally, or accidentally, executes a malicious payload, then of course it is going to be malicious.
If you ran a malicious powershell script would you be surprised it was malicious? If you copy-pasted a malicious Python script into IDLE and executed it, would you be surprised it's malicious?
The screenshot circulating is not indicative of some ultra-1337 Roblox cheat exploit โ the user, or proof-of-concept developer, detonated a malicious script. The primary security threat posed to Roblox nerds is, as previously stated, nerds accidentally detonating malicious scripts. We don't expect a script-runner tool designed for Roblox to attempt to determine whether or not something is malicious.
Just be careful copy-pasting code into your script-thingy โ or don't, whatever.
tl;dr malicious script is malicious
The tool being used by Roblox nerds, Wave Executor, executes scripts. In the event a user intentionally, or accidentally, executes a malicious payload, then of course it is going to be malicious.
If you ran a malicious powershell script would you be surprised it was malicious? If you copy-pasted a malicious Python script into IDLE and executed it, would you be surprised it's malicious?
The screenshot circulating is not indicative of some ultra-1337 Roblox cheat exploit โ the user, or proof-of-concept developer, detonated a malicious script. The primary security threat posed to Roblox nerds is, as previously stated, nerds accidentally detonating malicious scripts. We don't expect a script-runner tool designed for Roblox to attempt to determine whether or not something is malicious.
Just be careful copy-pasting code into your script-thingy โ or don't, whatever.
๐คฃ76๐ซก16๐6๐ข3๐ฅ1
A few days ago Fortune magazine did an article about Ferrari disclosing an attempted cybersecurity breach via social engineering.
tl;dr social engineering using ai / deepfake voice
Sometime earlier this month (July, 2024) a Ferrari executive began receiving unusual text messages from an individual impersonating Ferrari Chief Executive Officer Benedetto Vigna.
Interesting, the impersonator called the (unidentified, target's name was not disclosed publicly) executive. The caller is suspected to have used AI and/or deepfake technology to mimick Benedetto Vigna. The unidentified executive stated the tone, the language, and the accent were perfect. However, some of the language seemed unusual. The executive then asked the impersonator: "Sorry, Benedetto, but I need to identify you. What was the title of the book you had just recommended to me a few days earlier?"
The individual, unable to answer the question, terminated the phone call.
This is one of the first major, and publicly disclosed, social engineering attempts via AI / deepfake technology that we're aware of. The Threat landscape is slowly shifting (as is tradition).
tl;dr social engineering using ai / deepfake voice
Sometime earlier this month (July, 2024) a Ferrari executive began receiving unusual text messages from an individual impersonating Ferrari Chief Executive Officer Benedetto Vigna.
Interesting, the impersonator called the (unidentified, target's name was not disclosed publicly) executive. The caller is suspected to have used AI and/or deepfake technology to mimick Benedetto Vigna. The unidentified executive stated the tone, the language, and the accent were perfect. However, some of the language seemed unusual. The executive then asked the impersonator: "Sorry, Benedetto, but I need to identify you. What was the title of the book you had just recommended to me a few days earlier?"
The individual, unable to answer the question, terminated the phone call.
This is one of the first major, and publicly disclosed, social engineering attempts via AI / deepfake technology that we're aware of. The Threat landscape is slowly shifting (as is tradition).
โค91๐ฅ30๐12๐8๐ซก8๐ข1
vx-underground
A few days ago Fortune magazine did an article about Ferrari disclosing an attempted cybersecurity breach via social engineering. tl;dr social engineering using ai / deepfake voice Sometime earlier this month (July, 2024) a Ferrari executive began receivingโฆ
Full article (paywalled): https://fortune.com/2024/07/27/ferrari-deepfake-attempt-scammer-security-question-ceo-benedetto-vigna-cybersecurity-ai/
Fortune
Ferrari exec foils deepfake attempt by asking the scammer a question only CEO Benedetto Vigna could answer | Fortune
โSorry, Benedetto, but I need to identify you,โ the executive said.
๐ซก38โค10๐ข4๐1
vx-underground Roulette:
A binary which generates a random number using a seed you provide. If an even number is generated, you win. If an odd number is generated, a random binary payload off the VXDB is detonated on your machine.
A binary which generates a random number using a seed you provide. If an even number is generated, you win. If an odd number is generated, a random binary payload off the VXDB is detonated on your machine.
๐ฅ135๐คฃ46โค11๐คฏ10๐2๐ค2โคโ๐ฅ1๐1๐ข1
Zscaler's ThreatLabz 2024 ransomware report shows confirmation of DarkAngels ransomware receiving the largest ransomware payment in history: $75,000,000
To put that into perspective: someone could buy 524 2024 Mercedes-Benz G Wagons with this money
or buy 6,000,000,000 Robux...
To put that into perspective: someone could buy 524 2024 Mercedes-Benz G Wagons with this money
or buy 6,000,000,000 Robux...
โค59๐คฏ41๐คฃ20๐ฑ6๐ค4๐ฅ3โคโ๐ฅ1๐ข1
vx-underground
Zscaler's ThreatLabz 2024 ransomware report shows confirmation of DarkAngels ransomware receiving the largest ransomware payment in history: $75,000,000 To put that into perspective: someone could buy 524 2024 Mercedes-Benz G Wagons with this money or buyโฆ
We had to convert USD and real-world value things into Robux because some of our younger audience members don't seem to comprehend the vastness of this stolen money.
They do however seem to understand Robux because that's the only exposure they've ever had to economics.
They do however seem to understand Robux because that's the only exposure they've ever had to economics.
๐คฃ148โค20๐ค16๐ฏ12๐ซก5๐ข2๐1๐ค1
We gotta start making more money some how because we're about to be sharing so many samples daily it'll literally cripple us financially ๐๐๐
๐ซก75โค13๐ฅ9๐ฏ6๐ข4๐3๐ค2โคโ๐ฅ1๐คฃ1
We are happy to announce that finally, after harddrive purchasers waiting 4.5 months, we have received all of the harddrives from the manufacturer.
Moving forward we're going to completely redo how we handle shipping goods because 4.5 months is ridiculous.
Pic unrelated
Moving forward we're going to completely redo how we handle shipping goods because 4.5 months is ridiculous.
Pic unrelated
๐ฅ99๐18๐คฏ16๐5๐ค4๐3โคโ๐ฅ2โค2๐ข1
This media is not supported in your browser
VIEW IN TELEGRAM
POV: It's 2003, you're in your bedroom, you just limewire'd some totally cool new music, you're working on your xanga profile, and disrespecting people registering on myspace
โค110๐ซก46๐ข18โคโ๐ฅ11๐ฅ4๐คฃ4๐ค3๐2๐2๐2๐ฏ1
vx-underground
POV: It's 2003, you're in your bedroom, you just limewire'd some totally cool new music, you're working on your xanga profile, and disrespecting people registering on myspace
Bonus: your homie hits you up on AIM, or Yahoo, or MSN, and tells you about how excited they are for Tony Hawk's Underground
๐ฅ60๐ซก12๐ข7โค6๐ฏ6๐คฃ6๐4๐ค2โคโ๐ฅ1๐1
This media is not supported in your browser
VIEW IN TELEGRAM
POV: You just joined a Telegram chatroom and you haven't even typed a single word yet
โค86๐คฃ77๐ฏ11๐ข5๐ซก4๐ค3โคโ๐ฅ1
This media is not supported in your browser
VIEW IN TELEGRAM
Today the United States, the Russian Federation, and Germany did a prisoner swap.
Most notably:
Roman Seleznev a/k/a Track2, is being returned to the Russian Federation. Seleznev was a prominent member of carder-dot-su. Seleznev developed automated systems for systemic identity theft and credit card fraud. He is estimated to have stolen over $50,000,000
Vladislav Klyushin, is being returned to the Russian Federation. Klyushin was a notorious hack-to-trade fraudster. He and his group compromised organizations to get perform pseudo-insider-trading which resulted in profits over $93,000,000.
Videos released today via the Kremlin shows President Vladimir Putin greeting prisoners as they set foot on Russian soil once again. Here is the clip of Roman Seleznev shaking hands with Vladimir Putin.
Most notably:
Roman Seleznev a/k/a Track2, is being returned to the Russian Federation. Seleznev was a prominent member of carder-dot-su. Seleznev developed automated systems for systemic identity theft and credit card fraud. He is estimated to have stolen over $50,000,000
Vladislav Klyushin, is being returned to the Russian Federation. Klyushin was a notorious hack-to-trade fraudster. He and his group compromised organizations to get perform pseudo-insider-trading which resulted in profits over $93,000,000.
Videos released today via the Kremlin shows President Vladimir Putin greeting prisoners as they set foot on Russian soil once again. Here is the clip of Roman Seleznev shaking hands with Vladimir Putin.
๐78๐คฏ53๐ข19โค14๐13๐ฅ11๐11๐ค9๐7โคโ๐ฅ4๐ฑ4