C programmers having a complete personality change the second they see someone mention Rust or Go (it's going to be a 4 hour long debate)

A visual explanation of how malware masquerading works.

In the attached image what you see appears to be corn, but it's actually a cat.

Similarly in malware masquerading, you see a legit binary, but it's actually malware (sometimes a cat)

We are approaching 300,000 followers on Twitter.

This is an astronomically large number that we never expected to reach.

Some thoughts and feelings:

When vx-underground was first created in May, 2019 the initial goal was to 'revive the VX-scene' – with the hopes that with content being added and archived we could act as an accelerant of malware related education. We really wanted to see a lot of people into malware development (because it's fun!).

Initially we celebrated 100 followers, we celebrated 1,000 followers, we celebrated 10,000 followers. We never imagined so many people, from all across the planet, would care about our website, our shitposts, and the things we discuss. It's a surreal experience because all of this was a happy accident and we still have no idea what the hell is going on. Each day is something different and we just kind of go with the flow. ¯\_(ツ)_/¯

Just a few years ago malware development seemed taboo. We had many 'influential' people call us criminals, said we fueled or actively aided criminals. Now nearly 5 years later those same 'influencers' are polite to us and seem to forget the negative things they said about us.

Anyway, there is a lot that could be said, but thank you everyone for the love and support. Thank you to everyone who donates, sponsors us, gifts us things, and sends messages of support. On our side of the fence all we see is a big number of followers – we don't see the real world impact our website has created.

We are sometimes told stories that our website has helped them with their career, helped them improve their knowledge set, or aided their organization in some way. We didn't know this and we're still always amazed by this because on our side of the keyboard we're just kind of vibing out and doing what we think is cool.

We turn 5 years old soon. At our current pace we may hit 300,000 followers soon. Things we never expected. Thank you again for everything. It's been a crazy ride.

Cheers to (almost) 5 years of vx-underground and the many years to come.

No, we don't get ad revenue from the shitty fuckin' ads Telegram displays on our channel.

You're all degenerates and CANNOT be trusted

https://github.com/NationalSecurityAgency/ghidra/assets/118324883/b8209e95-1bb7-4c1c-875b-8cceed44c3a1

Can't believe you nerds would add this to the NSA's GitHub repo 😡😡😡

Hello, how are you?

Today is the day of rest. We hope everyone had a lovely Sunday. If it is not Sunday for you currently, get back to work >:(

Have a nice day, or night, or morning

asdasd13asbz discovered Kimsuky (state-sponsored North Korean hackers) mailspam tool.

We've added it to vx-underground. It is named after it's SHA256 hash: bb9c0396a61fa16d8c482a4a17e520fae908aa826e54243da6473494fa5f2305

You can download it here: https://vx-underground.org/tmp

Very cool. Version 10 👍

Someone used AI to make Lockbit ransomware groups statement regarding the FBI takedown ... into an anime-like EDM ... ?

You're all degenerates 😂😂😂

What happened.

On February 19, 2024 penetration testing of two of my servers took place, at 06:39 UTC I found an error on the site 502 Bad Gateway, restarted nginx - nothing changed, restarted mysql - nothing changed, restarted PHP - the site worked. I didn't pay much attention to it, because for 5 years of swimming in money I became very lazy, and continued to ride on a yacht with titsy girls. At 20:47 I found that the site gives a new error 404 Not Found nginx, tried to enter the server through SSH and could not, the password did not fit, as it turned out later all the information on the disks was erased.

Due to my personal negligence and irresponsibility I relaxed and did not update PHP in time, the servers had PHP 8.1.2 version installed, which was successfully penetration tested most likely by this CVE https://www.cvedetails.com/cve/CVE-2023-3824/ , as a result of which access was gained to the two main servers where this version of PHP was installed.  I realize that it may not have been this CVE, but something else like 0day for PHP, but I can't be 100% sure, because the version installed on my servers was already known to have a known vulnerability, so this is most likely how the victims' admin and chat panel servers and

POV: The FBI raids you and finds you relaxing on the bed

Malware writing doesn't require programming experience. Just run this random .exe and it'll make any virus you want and it'll be 100% undetected

Hello.

We've sold 8 vx-underground harddrives. Please buy the remaining 12 because we have way too much packing material.

This isn't a joke.

Thank you,

There is heavy overlap with malware developers and video game cheat developers. When you follow this family tree you end up with the malware developers distant cousin – the video game modder.

Anytime we visit our "distant cousins" we find the strangest things.

Sometimes we think about those "recommended cyber security profiles to follow" posts. We've seen dozens of people recommending others to follow us.

We wonder how disappointed they are when they see Chicken Adventure 2 Mods or Boston Dynamic robots holding severed hands. 😭😭

"How can I learn more about malware?"

Our entire website is malware literature. Browse until something seems interesting and read it. If you don't understand it, search online until it makes sense or read a different paper.

There is no easy route. Stop looking for shortcuts.

Learning about malware development, reverse engineering, detection, etc. is an entire career field. It is not something you can watch a few YouTube videos on and be set.

Either do it, or don't. The choice is yours.

The United States FTC has banned non-compete agreements. We look forward to all of you creating a cyber security startup

https://www.ftc.gov/news-events/news/press-releases/2024/04/ftc-announces-rule-banning-noncompetes

Often time peoples forget how goofy antivirus companies used to be.

For example: in the mid 2000's when the Kaspersky AV detected malware on your computer it would trigger "Kaspersky Alert Sound 2". It grabbed users attention immediately.

See attached video for soundbites.

Today Avast unveiled 'GuptiMiner'.

tl;dr eScan AV, out of India, used HTTP for AV updates, not HTTPS, North Korea man-in-the-middle'd updates to large networks to deliver malware

We give this APT campaign an A+ because it's absurdly well executed

https://decoded.avast.io/janrubin/guptiminer-hijacking-antivirus-updates-for-distributing-backdoors-and-casual-mining/