We don't know much about pagers, or explosives.

But what we do know a little about is malware and we can promise you there is not some 1337 technique that magically transforms a regular battery into an incendiary device.

tl;dr modified pagers, science or something

tl;dr tl;dr this guy fuckin' nailed it and we believe him to be an expert figure on hardware hacking and big brain sciency magic stuff

https://x.com/_MG_/status/1836086734171574446

We've learned some of you don't have Xitter, or the ability to see the post, so here it is as a PDF so you don't have to do stuff.

Oh. My. God.

The possibilities for initial access malware just went through the roof.

Actually, maybe not. Microsoft has upped the ante. It's all over.

We didn't anticipate Microsoft actually caring 😭

ye i program in c

Update:

We found the guy who owns the MALWRE plate and he has received the sticker.

we're gone for 30 minutes and now people are turning walkie talkies into bombs wtf

Lockbit ransomware group claims to have ransomed eFile dot com.

eFile dot com IS NOT the IRS eFile system. eFile dot com is an IRS authorized entity approved for submitting financial documents to the IRS.

we're gone for 2 hours and now people are turning butt plugs into bombs wtf

Just kidding, that didn't happen. That'd be crazy though.

> have prankware idea (non-malicious malware?)
> write simple poc
> it works.png
> decided to rewrite it 1337 coo w/ no dependencies
> ...
> 841 lines of c++ later
> nowhere near done

If you're curious what pain looks like:

https://samples.vx-underground.org/tmp/prankware.txt

Crazy Thursday.

- Dr. Web, the Russian antivirus company, disclosed a breach. Dr. Web stopped sending antivirus updates September 16th. Subsequently, Dr. Web reportedly disconnected their servers from their internal network while they investigated the suspected compromise. Dr. Web reports to have resolved the issue and has returned to normal day-to-day operations. No Threat Actor has been attributed to the compromise. They believe the compromise occurred on or around September 14th.

- Yesterday, or sometime before, GitHub users were targeted in mass by a large scale phishing and/or malware campaign. An unknown Threat Actor(s) pushed their Lumma Stealer campaign by leaving bogus issues on GitHub projects. When the project owner visited the issue, the issue linked to a domain noscriptd 'GitHub-Scanner'. GitHub-Scanner requested the visitor prove their humanity (e.g. not a robot) by doing Windows + R and CTRL + V + ENTER. When the site is visited, the website copies malicious code to the users clipboard. Windows + R, opening Windows Run, and CTRL + V, pasting the malicious code to the Run window and ENTER would run the code, this would trick the user into executing their malware payload. Once the payload is executed, it downloads a file called 'IE6.exe'. IE6.exe is Lumma information stealer. While it is a clever trick, the Threat Actor(s) (intentionally, or unintentionally) did not account for users who are not running Windows. This caused confusion for non-Windows users, or users on mobile devices.

Oh and pagers and walkie talkies exploding. This does not fall into the realm of malware, or news we would typically discuss, but there is a high volume of people who believe this to be malware.

It's not malware. They snuck explosives into the devices.

Have a nice day.

> OMG John Hammond's proof-of-concept trick is being used by Lumma stealer!!!

Us, with a giant library of malware source code and malware builders:

RansomHub ransomware groups claims to have ransomed Liberty First Credit Union.

Liberty First Credit Union is a small to medium sized credit union (not-for-profit bank) located in Omaha, Nebraska.

There is no information on the impact to customers. We don't believe clients money is gone — this isn't an attack against SWIFT. We presume this to be an attack against the institutions internal financial documents and employees.

However, we could also be completely wrong.