vx-underground
Oh. My. God. Santa (a/k/a Cuzie13) was a little late this Christmas, but bro still delivered. We got malicious AI generated advertisements on Snapchat tl;dr fake windows activation, running command shown executes malicious powershell noscript that downloads…
Guess that Pokemon! It's...
Vidar Information Stealer! Yay! It uses Telegram, and some weird Ukrainian domain, as a C2. Yay! Free information stealer malware campaign payload!
Smash that download button, fam
Vidar Information Stealer! Yay! It uses Telegram, and some weird Ukrainian domain, as a C2. Yay! Free information stealer malware campaign payload!
Smash that download button, fam
😁86🔥16❤6🥰4🤝2🫡2🤯1🤣1
vx-underground
Guess that Pokemon! It's... Vidar Information Stealer! Yay! It uses Telegram, and some weird Ukrainian domain, as a C2. Yay! Free information stealer malware campaign payload! Smash that download button, fam
For malware analysts, or nerds who care:
Initial access noscript SHA256:
aa3a9ed1e3b21845a6a0dfd5cef12661becbdb738e2a78adecbb2421785795c9
Payload SHA256:
58ed7f9d65b10b2501e5d080217ae79cd0d88ae0d784896ceac67abda03ab3ed
Delivery domain:
mscfg[.]cfd
C2:
hov[.]kievholod[.]kiev[.]ua
t[.]me/gal17d
Initial access noscript SHA256:
aa3a9ed1e3b21845a6a0dfd5cef12661becbdb738e2a78adecbb2421785795c9
Payload SHA256:
58ed7f9d65b10b2501e5d080217ae79cd0d88ae0d784896ceac67abda03ab3ed
Delivery domain:
mscfg[.]cfd
C2:
hov[.]kievholod[.]kiev[.]ua
t[.]me/gal17d
🔥48😁19🫡12❤7🥰4🤯1🤓1
Big drama on the internet today as several high-profile tarkov players had their account compromised.
Mass hysteria has erupted online. However, in an interesting twist of fate, the individual who claims responsibility for the compromises has come forward and explained how they exploited Escape From Tarkov's authentication system and effectively bypassed it.
The person responsible is (based on information they've provided) from Argentina. Their explanation is in Spanish. Here is the tl;dr and in English
"The Steam (OpenID) authentication system does not appear to be correctly validating the digital signature (openid.sig) or the response_nonce returned by the Steam servers. This allows an attacker to impersonate any user account simply by manually modifying the openid.identity and openid.claimed_id parameters in the return URL.
Vulnerable Endpoint example:
https://profile.tarkov.com/login/steam?openid.ns=http://specs.openid.net/auth/2.0&openid.mode=id_res&openid.op_endpoint=https://steamcommunity.com/openid/login&openid.claimed_id=
Vulnerable Parameter: openid.identity / openid.claimed_id
Steps to reproduce (Proof of concept):
- Start a legitimate Steam login process.
- Before the page loads the profile, intercept or modify the Steam response URL.
- Replace the SteamID64 at the end of the openid.claimed_id and openid.identity parameters with that of any other user.
- The server grants access to the profile of the user whose ID was entered, without having gone through the real login process of that account.
The individual goes on criticism the game company for their lack of security. He says all Steam users are impacted, including game developers.
The person responsible shared photos as proof
tl;dr Tarkov devs are going to have to do big work over the Holiday break to patch this before things get worse
Mass hysteria has erupted online. However, in an interesting twist of fate, the individual who claims responsibility for the compromises has come forward and explained how they exploited Escape From Tarkov's authentication system and effectively bypassed it.
The person responsible is (based on information they've provided) from Argentina. Their explanation is in Spanish. Here is the tl;dr and in English
"The Steam (OpenID) authentication system does not appear to be correctly validating the digital signature (openid.sig) or the response_nonce returned by the Steam servers. This allows an attacker to impersonate any user account simply by manually modifying the openid.identity and openid.claimed_id parameters in the return URL.
Vulnerable Endpoint example:
https://profile.tarkov.com/login/steam?openid.ns=http://specs.openid.net/auth/2.0&openid.mode=id_res&openid.op_endpoint=https://steamcommunity.com/openid/login&openid.claimed_id=
Vulnerable Parameter: openid.identity / openid.claimed_id
Steps to reproduce (Proof of concept):
- Start a legitimate Steam login process.
- Before the page loads the profile, intercept or modify the Steam response URL.
- Replace the SteamID64 at the end of the openid.claimed_id and openid.identity parameters with that of any other user.
- The server grants access to the profile of the user whose ID was entered, without having gone through the real login process of that account.
The individual goes on criticism the game company for their lack of security. He says all Steam users are impacted, including game developers.
The person responsible shared photos as proof
tl;dr Tarkov devs are going to have to do big work over the Holiday break to patch this before things get worse
🤣47🥰37❤11🔥3😱2
vx-underground
Big drama on the internet today as several high-profile tarkov players had their account compromised. Mass hysteria has erupted online. However, in an interesting twist of fate, the individual who claims responsibility for the compromises has come forward…
inb4 argentina mentioned memes
🥰39🤓13❤3🔥1
vx-underground
Ubisoft executives when they hear the news someone has compromised Rainbow Six Siege and gifted $13,332,000 worth of in-game currency to roughly 30,000,000 active players, thus defrauding their company of an estimated $339,960,000,000,000
Ubisoft executives when they learn some nerds gifted more than the entire United States National Debt ($38,000,000,000,000) to a bunch of stinky gamers
🤣115🔥16❤🔥5❤2
vx-underground
Ubisoft executives when they hear the news someone has compromised Rainbow Six Siege and gifted $13,332,000 worth of in-game currency to roughly 30,000,000 active players, thus defrauding their company of an estimated $339,960,000,000,000
To those who are non-nerds,
Yes, the situation is funny. (Un)fortunately in this scenario everything in game is now worthless because everyone has everything. What will most likely happen is Ubisoft will sigh, do a massive database roll back, or mass undo inventory stuff for players.
This isn't going to destroy their company or revenue. It will however annoy the shit out of them (leadership) and the developers because they're going to have to work to fix the issue during the holiday season.
My post is meant to be funny. I enjoy mocking the absurdity of the situation and poking fun at large companies who have oopsies like this.
Yes, the situation is funny. (Un)fortunately in this scenario everything in game is now worthless because everyone has everything. What will most likely happen is Ubisoft will sigh, do a massive database roll back, or mass undo inventory stuff for players.
This isn't going to destroy their company or revenue. It will however annoy the shit out of them (leadership) and the developers because they're going to have to work to fix the issue during the holiday season.
My post is meant to be funny. I enjoy mocking the absurdity of the situation and poking fun at large companies who have oopsies like this.
🤣68🥰13👏11❤3😁2🎉2🤝1
vx-underground
To those who are non-nerds, Yes, the situation is funny. (Un)fortunately in this scenario everything in game is now worthless because everyone has everything. What will most likely happen is Ubisoft will sigh, do a massive database roll back, or mass undo…
inb4 no backups, everything is actually cooked
🤣87😁9❤3❤🔥2😱1
Clarification post, previous post about Ubisoft lead to some confusion. That's my fault. I'll be more verbose. I was trying to compress the information into 1 singular post without it exceeding the word limit.
Here's the word on the internet streets:
- THE FIRST GROUP of individuals exploited a Rainbow 6 Siege service allowing them ban players, modify inventory, etc. These individuals did not touch user data (unsure if they even could). They gifted roughly $339,960,000,000,000 worth of in-game currency to players. Ubisoft will perform a roll back to undo the damages. They're probably annoyed. I cannot go into full details at this time how it was achieved.
- A SECOND GROUP of individuals, unrelated to the FIRST GROUP of individuals, exploited a MongoDB instance from Ubisoft, using MongoBleed, which allowed them (in some capacity) to pivot to an internal Git repository. They exfiltrated a large portion of Ubisoft's internal source code. They assert it is data from the 90's - present, including software development kits, multiplayer services, etc. I have medium to high confidence this true. I've confirmed this with multiple parties.
- A THIRD GROUP of individuals claim to have compromised Ubisoft and exfiltrated user data by exploiting MongoDB via MongoBleed. This group is trying to extort Ubisoft. They have a name for their extortion group and are active on Telegram. However, I have been unable to determine the validity of their claims.
- A FOURTH GROUP of individuals assert the SECOND group of individuals are LYING and state the SECOND GROUP has had access to the Ubisoft internal source code for awhile. However, they state the SECOND GROUP is trying to hide behind the FIRST GROUP to masquerade as them and give them a reason to leak the source code in totality. The FIRST GROUP and FOURTH GROUP is frustrated by this
Will the SECOND GROUP leak the source code? Is the SECOND GROUP telling the truth? Did the SECOND GROUP lie and have access to Ubisoft code this whole time? Was it MongoBleed? Will the FIRST GROUP get pinned for this? Who is this mysterious THIRD GROUP? Is this group related to any of the other groups?
Find out next time on Dragon Ball Z
Here's the word on the internet streets:
- THE FIRST GROUP of individuals exploited a Rainbow 6 Siege service allowing them ban players, modify inventory, etc. These individuals did not touch user data (unsure if they even could). They gifted roughly $339,960,000,000,000 worth of in-game currency to players. Ubisoft will perform a roll back to undo the damages. They're probably annoyed. I cannot go into full details at this time how it was achieved.
- A SECOND GROUP of individuals, unrelated to the FIRST GROUP of individuals, exploited a MongoDB instance from Ubisoft, using MongoBleed, which allowed them (in some capacity) to pivot to an internal Git repository. They exfiltrated a large portion of Ubisoft's internal source code. They assert it is data from the 90's - present, including software development kits, multiplayer services, etc. I have medium to high confidence this true. I've confirmed this with multiple parties.
- A THIRD GROUP of individuals claim to have compromised Ubisoft and exfiltrated user data by exploiting MongoDB via MongoBleed. This group is trying to extort Ubisoft. They have a name for their extortion group and are active on Telegram. However, I have been unable to determine the validity of their claims.
- A FOURTH GROUP of individuals assert the SECOND group of individuals are LYING and state the SECOND GROUP has had access to the Ubisoft internal source code for awhile. However, they state the SECOND GROUP is trying to hide behind the FIRST GROUP to masquerade as them and give them a reason to leak the source code in totality. The FIRST GROUP and FOURTH GROUP is frustrated by this
Will the SECOND GROUP leak the source code? Is the SECOND GROUP telling the truth? Did the SECOND GROUP lie and have access to Ubisoft code this whole time? Was it MongoBleed? Will the FIRST GROUP get pinned for this? Who is this mysterious THIRD GROUP? Is this group related to any of the other groups?
Find out next time on Dragon Ball Z
🤣118🔥13❤10👍2🤓2
People are celebrating the Ubisoft drama like when Bin Laden died
Damn, y'all hate this company
Damn, y'all hate this company
❤🔥123😁32🙏15❤7🎉5🫡5👍4🔥2🥰2💯2😢1
Rainbow 6 Siege announced a rollback will be occuring. Users who spent the $13,000,000 of in-game credits gifted to them by the Threat Actors will not be punished. However, the purchasers will be reversed.
Additionally, users who were banned by the Threat Actors will be unbanned.
The parties over.
Additionally, users who were banned by the Threat Actors will be unbanned.
The parties over.
😁77🤣29😢19🫡7❤1🔥1🥰1💯1😎1
Hello,
I have more silly news to share. Unfortunately I have torn the ligament that connects my pubic muscles to my hip, or something, I don't know. I don't understand it at all. However, I do understand my testicles are in immense pain and I am unable to move.
Once my testicular pain has resided I have silly news.
Thanks,
-smelly smellington
I have more silly news to share. Unfortunately I have torn the ligament that connects my pubic muscles to my hip, or something, I don't know. I don't understand it at all. However, I do understand my testicles are in immense pain and I am unable to move.
Once my testicular pain has resided I have silly news.
Thanks,
-smelly smellington
😢66🤣43😱14🙏8🔥5💯4😎2🥰1😁1🤓1🤝1
Here is a silly image of someone logging into Rainbow Six Siege earlier today and receiving a deposit of over 2,100,000,000 credits.
15,000 credits is $99.99
$13,998,600 worth of in-game currency.
Unfortunately, it's been rolled back and the in-game currently is gone. Interestingly, this proves Ubisoft does indeed possess the capability to allow users to own and/or purchase over $13,000,000 worth of in-game purchases for micro-transactions
15,000 credits is $99.99
$13,998,600 worth of in-game currency.
Unfortunately, it's been rolled back and the in-game currently is gone. Interestingly, this proves Ubisoft does indeed possess the capability to allow users to own and/or purchase over $13,000,000 worth of in-game purchases for micro-transactions
🥰47🤔10😢10❤5😇2
This media is not supported in your browser
VIEW IN TELEGRAM
> post about vuln billion dollar Italian company
> ppl say italy wont care
> italy gov contacts me
> ubisoft hacked and bamboozled
> tarkov auth bypass bamboozles
> trustwallet users drained of $9m on christmas
> more i cant say yet
Another day of internet schizophrenia.
> ppl say italy wont care
> italy gov contacts me
> ubisoft hacked and bamboozled
> tarkov auth bypass bamboozles
> trustwallet users drained of $9m on christmas
> more i cant say yet
Another day of internet schizophrenia.
🥰86❤18😁9👍2
vx-underground
Clarification post, previous post about Ubisoft lead to some confusion. That's my fault. I'll be more verbose. I was trying to compress the information into 1 singular post without it exceeding the word limit. Here's the word on the internet streets: - THE…
On today's episode of Dragon Ball Z
The FIRST GROUP is laying low after gifting everyone on Rainbow Six Siege $339,000,000,000,000 worth of in-game currency.
The SECOND GROUP has been having some conflicts with people on THE INTERNET. The story has changed. Initially I shared this group had compromised an internal Git repository, or something, and had stolen internal source code. Word is now that this was A LIE (or exaggeration) and they do not have as much material as they shared.
The THIRD GROUP is LYING. They did NOT compromise Ubisoft customer data (to the best of my knowledge) and they're trying to scare and intimidate Ubisoft or Ubisoft employees because ???
The FOURTH GROUP is also kind of laying low. They assert GROUP TWO is a bunch of jerks. Basically, to reiterate, the FOURTH GROUP thinks GROUP TWO has had some source code to Ubisoft for awhile BUT thinks GROUP TWO is trying to hide behind GROUP ONE and basically frame them, or something, I don't know.
There's also a bunch of IMPOSTER GROUP TWOs on the internet now. They are people lying trying to impersonate extortionists ... because ... don't understand why.
Will GROUP ONE let me talk more about how they bamboozled Ubisoft? Will GROUP ONE keep ignoring my DMs? Will GROUP TWO show more proof about their data exfiltration other than "cmon bro"? Will GROUP FOUR continue to have beef with GROUP TWO? Who is GROUP THREE and why did they lie about compromising Ubisoft customer data? Why are there now IMPOSTER GROUP THREE people?
Find out next time on Dragon Ball Z
The FIRST GROUP is laying low after gifting everyone on Rainbow Six Siege $339,000,000,000,000 worth of in-game currency.
The SECOND GROUP has been having some conflicts with people on THE INTERNET. The story has changed. Initially I shared this group had compromised an internal Git repository, or something, and had stolen internal source code. Word is now that this was A LIE (or exaggeration) and they do not have as much material as they shared.
The THIRD GROUP is LYING. They did NOT compromise Ubisoft customer data (to the best of my knowledge) and they're trying to scare and intimidate Ubisoft or Ubisoft employees because ???
The FOURTH GROUP is also kind of laying low. They assert GROUP TWO is a bunch of jerks. Basically, to reiterate, the FOURTH GROUP thinks GROUP TWO has had some source code to Ubisoft for awhile BUT thinks GROUP TWO is trying to hide behind GROUP ONE and basically frame them, or something, I don't know.
There's also a bunch of IMPOSTER GROUP TWOs on the internet now. They are people lying trying to impersonate extortionists ... because ... don't understand why.
Will GROUP ONE let me talk more about how they bamboozled Ubisoft? Will GROUP ONE keep ignoring my DMs? Will GROUP TWO show more proof about their data exfiltration other than "cmon bro"? Will GROUP FOUR continue to have beef with GROUP TWO? Who is GROUP THREE and why did they lie about compromising Ubisoft customer data? Why are there now IMPOSTER GROUP THREE people?
Find out next time on Dragon Ball Z
🤣60❤4🔥4🥰2
I'm trying to notify this Web3 startup company they have a pretty severe vulnerability in one of their products.
The CEO of the company advertises his Telegram handle, but trying to contact him he charges $1.49 per message sent to him
Dude what the fuck?
The CEO of the company advertises his Telegram handle, but trying to contact him he charges $1.49 per message sent to him
Dude what the fuck?
🤣39😁5😇2❤1🔥1🤯1🫡1