We got a DMCA strike for sharing footage of the Gojira performance.

Lame.

Anyway, back to malware stuff

Thank you for the kind words

It's been 5 years and this is still an on-going gag.

Good morning, afternoon, or night.

Today is the day of the rest. It's been quite a week, lots of crazy stuff happening. We hope all of you had a good week, weekend, and are enjoying your Sunday:)

Love you, see you tomorrow:)

Every Sunday all vx-underground staff members meet up in a discrete location and play the all-time American video game classic: Burger King: Sneak King

Updates to vx-underground:

Papers:
- 2023-12-11 - Mustang Panda’s PlugX new variant targetting Taiwanese government and diplomats
- 2024-01-05 - AsyncRAT loader: Obfuscation, DGAs, decoys and Govno
- 2024-03-22 - Large-Scale StrelaStealer Campaign in Early 2024
- 2024-04-02 - Updated StrelaStealer Targeting European Countries
- 2024-06-21 - AmberAmethystDaisy to QuartzBegonia to LummaStealer
- 2024-06-24 - StrelaStealer Resurgence: Tracking a JavaScript-Driven Credential Stealer Targeting Europe
- 2024-07-10 - DodgeBox: A deep dive into the updated arsenal of APT41 (Part I)
- 2024-07-11 - Brief technical analysis of the Poseidon Stealer
- 2024-07-11 - ClickFix Deception: A Social Engineering Tactic to Deploy Malware

Families:
- ZeroT
- FlokiBot
- PlugX
- RockLoader
- StealC
- Vidar
- SmokeLoader
- Socks5Systemz
- Redline
- Enigma
- DowneksLoader
- BabadedaLoader
- BartRansomware
- Amadey
- ATMitch

A few days ago we were alerted to Roblox 'cheaters' (we're using that term loosely) being impacted by malicious code in their 'cheat tool'.

tl;dr malicious noscript is malicious

The tool being used by Roblox nerds, Wave Executor, executes noscripts. In the event a user intentionally, or accidentally, executes a malicious payload, then of course it is going to be malicious.

If you ran a malicious powershell noscript would you be surprised it was malicious? If you copy-pasted a malicious Python noscript into IDLE and executed it, would you be surprised it's malicious?

The screenshot circulating is not indicative of some ultra-1337 Roblox cheat exploit – the user, or proof-of-concept developer, detonated a malicious noscript. The primary security threat posed to Roblox nerds is, as previously stated, nerds accidentally detonating malicious noscripts. We don't expect a noscript-runner tool designed for Roblox to attempt to determine whether or not something is malicious.

Just be careful copy-pasting code into your noscript-thingy – or don't, whatever.

In September we will be doing a fundraiser. We will be auctioning away 5 limited-edition holographic vx-underground Yu-Gi-Oh cards.

We only have 5.

HELP

A few days ago Fortune magazine did an article about Ferrari disclosing an attempted cybersecurity breach via social engineering.

tl;dr social engineering using ai / deepfake voice

Sometime earlier this month (July, 2024) a Ferrari executive began receiving unusual text messages from an individual impersonating Ferrari Chief Executive Officer Benedetto Vigna.

Interesting, the impersonator called the (unidentified, target's name was not disclosed publicly) executive. The caller is suspected to have used AI and/or deepfake technology to mimick Benedetto Vigna. The unidentified executive stated the tone, the language, and the accent were perfect. However, some of the language seemed unusual. The executive then asked the impersonator: "Sorry, Benedetto, but I need to identify you. What was the noscript of the book you had just recommended to me a few days earlier?"

The individual, unable to answer the question, terminated the phone call.

This is one of the first major, and publicly disclosed, social engineering attempts via AI / deepfake technology that we're aware of. The Threat landscape is slowly shifting (as is tradition).

Full article (paywalled): https://fortune.com/2024/07/27/ferrari-deepfake-attempt-scammer-security-question-ceo-benedetto-vigna-cybersecurity-ai/

vx-underground Roulette:

A binary which generates a random number using a seed you provide. If an even number is generated, you win. If an odd number is generated, a random binary payload off the VXDB is detonated on your machine.

Zscaler's ThreatLabz 2024 ransomware report shows confirmation of DarkAngels ransomware receiving the largest ransomware payment in history: $75,000,000

To put that into perspective: someone could buy 524 2024 Mercedes-Benz G Wagons with this money

or buy 6,000,000,000 Robux...

We had to convert USD and real-world value things into Robux because some of our younger audience members don't seem to comprehend the vastness of this stolen money.

They do however seem to understand Robux because that's the only exposure they've ever had to economics.

We gotta start making more money some how because we're about to be sharing so many samples daily it'll literally cripple us financially 😂😂😂

"I've just gotta lock in", says IT professional on verge of suicide

We are happy to announce that finally, after harddrive purchasers waiting 4.5 months, we have received all of the harddrives from the manufacturer.

Moving forward we're going to completely redo how we handle shipping goods because 4.5 months is ridiculous.

Pic unrelated

Which cat poses the biggest security threat to your organization?

POV: It's 2003, you're in your bedroom, you just limewire'd some totally cool new music, you're working on your xanga profile, and disrespecting people registering on myspace

Bonus: your homie hits you up on AIM, or Yahoo, or MSN, and tells you about how excited they are for Tony Hawk's Underground