On Monday someone sent me a URL to a website trying to do click-fix targeting MacOS. I missed the message because the X DM system is a broken piece of shit.

The website is 100% malicious, but the final C2 part is dead. Staging payload still works.

I MISSED FREE MAC MALWARE

Here is your free MacOS malware delivering using something akin to click fix and masquerading: mac-faster[.]com/app1/

The 'download' script does a CURL on ballfrank-dot-space

It delivers an obfuscated payload.

Deobfuscated: https://pastebin.com/PCz1cxMU

Chat, we've got FREE MACOS malware. Big news for malware nerds

https://malwaresourcecode.com/home/my-projects/write-ups/free-macos-malware-for-everyone-hurry-up-before-google-patches-it

Wow, wrestling has changed A LOT since I was a kid

Who is this man and why does he speak in silly voices

Epstein files were released by the Department of Justice today.

So many people tried to view it at once the DoJ had to implement anti-DDoS measures.

The amount of data they've released is INSANE.

I'm uploading them to vx-underground if you don't feel like dealing with the DoJ. It's on vx-underground under /tmp/ and named DataSet1,2,3,4

Crime scene evidence:

What the fuck did you just fucking say about me, you little bitch?

Behold my magnum opus. Here is my malware analysis paper collection

Papers:
2006 - 2 papers
2007 - 6 papers
2008 - 4 papers
2009 - 15 papers
2010 - 46 papers
2011 - 60 papers
2012 - 127 papers
2013 - 140 papers
2014 - 170 papers
2015 - 355 papers
2016 - 480 papers
2017 - 793 papers
2018 - 801 papers
2019 - 1056 papers
2020 - 1989 papers
2021 - 2634 papers
2022 - 2607 papers
2023 - 1450 papers
2024 - 1153 papers
2025 - 800 papers

Don't you EVER ask "whAts A GooD pLaCe To LeaRn MaLwaRe aNalYsiS?". I've got 14,869 malware analysis papers curated and organized. Most the papers have the samples with them too.

It's the muthafuckin' library of Alexandria for malware. This shit took half a decade.

It's being synced to prod now for vx-underground:

https://vx-underground.org/Malware%20Analysis

> wonder if anyone found anything interesting in Epstein files
> open x to look

Hello,

The year is coming to a conclusion. Thank you everyone for another wonderful year.

Once the next round of giveaways finish I'll probably be AFK-ish. I am extremely fatigued from work and life. I'm not sure if it's possible, but I would like to be able to nap somewhere between 240 to 480 hours.

Thank you everyone for the fun times and sticking with me while I deal with a vx-underground and a newborn baby. I wholeheartedly appreciate all the kind words and support all of you have shown me. Many of you are great, caring, and compassionate people.

I have some good news and some neutral news. The good news is that I have completed (within reason) collecting every easily discoverable malware analysis paper on the internet. Yes, of course one or two may be missing here or there, but I feel like 14,000 papers over the time span of 2 decades is pretty good.

The neutral news is that moving forward vx-underground will primarily be keeping up to date on things. This isn't necessarily good or bad, but this means updates to vx-underground will be significantly smaller and fewer.

Truthfully, I'm not sure what to do anymore. I started the website with the goal of collecting malware source code, samples, and papers. I've collected 34TB (if decompressed) over 6.5 years. I feel like it would be a betrayal to my audience to continually make silly posts all day, everyday.

I sort of worked myself out of a job, I don't know.

jamieantisocial noticed something interesting.

Look the dramatic increase in malware campaigns from 2019 - 2023. What could this be? What happened during those years?

The same day the United States Department of Justice partially released details on the Jeffrey Epstein case, the Department of Justice released a few other interesting press releases.

Three of the press releases fall into our domain of cybersecurity, the remainder are related to narcotics or illegal immigration.

There is some speculation however that the large volume of press releases unveiled at the same time were intended to be a distraction from the Epstein file disclosure. However, this is just speculative.

What is not speculative however is the modifications made to the United States Department of Justice Epstein file releases.

Since the release of the files, several files have been removed from the release. People reviewing the files noted that the files redacted contained images of the current United States President.

Some individuals online asserted these statements are false and the United States Department of Justice has made no changes to the Epstein file release. However, what people seem to forget is that the internet does not forget.

After the release of the Epstein files the Department of Justice website implemented a queueing feature to prevent accidental DoS. During this time I archived the Epstein file releases so people interested did not have to wait in line.

Guess who has the original releases which contains data which is now removed? It's on vx-underground under /tmp/, it's listed as DataSet1, DataSet2, DataSet3, and DataSet4. Feel free to compare these raw datasets to the new ones.

Why Donald Trump was removed from the Epstein data release is purely speculative. Based on the nature of the case I believe most reviewers were infer something profoundly nefarious.

It's up to you to decide.

The entire case has drawn international attention and will continue to draw international attention for quite a bit of time. We are living in an extremely significant moment in history which will likely be studied closely in the future.

When your children age and ask you, "Mommy, Daddy, do you remember the Jeffrey Epstein case?". You can proudly respond: "Yes, we used primitive AI to make memes about it to minimize how traumatic and unjust the world is. Now stop asking too many questions before the government turns off your NeuroLink chip"

> be me
> spend 3 days working on proof-of-concept
> doesnt work
> have to try different way

I didn't read documentation close enough. I thought I was galaxy brain (I wasn't galaxy brain).

Basically, I wanted to make a WinRT / Windows COM malware proof-of-concept that only executes when the machine is locked. When it is unlocked the malware stops executing. I've done this before very easily with my "Fever Dream" code snippet (I named it Fever Dream because I was very sick when I wrote it).

Anyway, I have a very small brain and wasted A LOT of time on something I should have noticed way earlier.

The formatting is really messed up. I'm not sure why Pastebin cooked the formatting. Whatever, here is a really shitty proof-of-concept. The code DOES WORK when the user logs out then logs back in. However, if the user logs out the code won't work anyway unless it is running as a service.

https://pastebin.com/raw/L752XNTV

tl;dr wasted 3 days because didnt read documentation

Coinbase has historically has received heavy criticism for failing to protect users for scammers and Insider Threats.

Friday, December 19th, 2025, Coinbase released a statement alongside the Office of the Brooklyn District Attorney Eric Gonzalez, and his Virtual Currency Unit, the indictment of 23-year-old Ronald Spektor of Brooklyn, New York, United States.

Ronald Spektor a/k/a "lolimfeelingevil", "I'm feeling Evil", allegedly impersonated Coinbase staff and scammed users out of an estimated $16,000,000. He deceived victims utilizing fictitious emails, text messages, phone calls, or fake websites.

Mr. Spektor, per court documents, was partially identified due to himself boasting on Telegram about his theft. He was particularly vocal on his Telegram channel, "Blockchain Enemies".

Court records indicate Mr. Spektor resides with his Father and a good portion of the money stolen was spent on online gambling. However, $105,000 in cash was seized and $400,000 in cryptocurrency was seized.

Mr. Spektor has been charged with:
- First-degree grand larceny (PL §155.42)
- First-degree money laundering (PL §470.20)
- Scheme to defraud (likely first degree, PL §190.65)

Additionally, per documents which state Mr. Spektor is facing other "related charges", Mr. Spektor may be facing
- Falsifying business records
- Criminal possession of stolen property
- Identity theft

Based on the charges brought forth, Mr. Spektor is facing over 30 years in prison. However, it should be noted that the current judicial system in the United States often does not do maximum penalties unless someone is a repeat offender.

Mr. Spektor being a first time offender, and assuming he takes a plea deal, is more likely to receive 12 years in prison with a required 85% time served. If Mr. Spektor decides to take the case before a jury and proclaim his innocence, and he is found guilty, he faces 15 - 20 years in prison.

In simplest terms, if Mr. Spektor "snitches" and behaves, he will serve 10 years in prison and be released sometime in 2036.

If he tries to fight the case and is found guilty, he will face 15 - 20 years, but with good behavior could be released somewhere between 2038 - 2043.

Coinbase CEO Brian Armstrong, alongside the Brooklyn District Attorney Eric Gonzalez, released a mugshot of "lolimfeelingevil" a/k/a Ronald Spektor