> have prankware idea (non-malicious malware?)
> write simple poc
> it works.png
> decided to rewrite it 1337 coo w/ no dependencies
> ...
> 841 lines of c++ later
> nowhere near done

If you're curious what pain looks like:

https://samples.vx-underground.org/tmp/prankware.txt

Crazy Thursday.

- Dr. Web, the Russian antivirus company, disclosed a breach. Dr. Web stopped sending antivirus updates September 16th. Subsequently, Dr. Web reportedly disconnected their servers from their internal network while they investigated the suspected compromise. Dr. Web reports to have resolved the issue and has returned to normal day-to-day operations. No Threat Actor has been attributed to the compromise. They believe the compromise occurred on or around September 14th.

- Yesterday, or sometime before, GitHub users were targeted in mass by a large scale phishing and/or malware campaign. An unknown Threat Actor(s) pushed their Lumma Stealer campaign by leaving bogus issues on GitHub projects. When the project owner visited the issue, the issue linked to a domain noscriptd 'GitHub-Scanner'. GitHub-Scanner requested the visitor prove their humanity (e.g. not a robot) by doing Windows + R and CTRL + V + ENTER. When the site is visited, the website copies malicious code to the users clipboard. Windows + R, opening Windows Run, and CTRL + V, pasting the malicious code to the Run window and ENTER would run the code, this would trick the user into executing their malware payload. Once the payload is executed, it downloads a file called 'IE6.exe'. IE6.exe is Lumma information stealer. While it is a clever trick, the Threat Actor(s) (intentionally, or unintentionally) did not account for users who are not running Windows. This caused confusion for non-Windows users, or users on mobile devices.

Oh and pagers and walkie talkies exploding. This does not fall into the realm of malware, or news we would typically discuss, but there is a high volume of people who believe this to be malware.

It's not malware. They snuck explosives into the devices.

Have a nice day.

> OMG John Hammond's proof-of-concept trick is being used by Lumma stealer!!!

Us, with a giant library of malware source code and malware builders:

RansomHub ransomware groups claims to have ransomed Liberty First Credit Union.

Liberty First Credit Union is a small to medium sized credit union (not-for-profit bank) located in Omaha, Nebraska.

There is no information on the impact to customers. We don't believe clients money is gone — this isn't an attack against SWIFT. We presume this to be an attack against the institutions internal financial documents and employees.

However, we could also be completely wrong.

ZachXBT continues to prove himself as a world leading expert in crypto analysis. It is remarkable how a single person can make such a profound impact.

He gave law enforcement everything they needed on a silver plate. He got them busted in less than 2 months.

tl;dr speedrun

Attached PDF is from Twitter. It is how he got 2 crypto thieves arrested for stealing $243,000,000.

There is an interestingly psychological phenomena whereas some Threat Actors, particularly scammers and fraudsters, falsely believe having money will make them respectable or make people like them.

Money means nothing. Materialism does not impress people — only the shallow.

Following the arrest of Malone Iam, for his alleged theft of $243,000,000, the cryptodrainer community has shown support for Malone Iam by having videos produced requesting his freedom.

They got shirts made really fast.

wtf are yall doing chill

Appreciation post time.

There are a lot of security researchers who have an entire career focused on tracking botnets, or information stealers, and do so for years with little to no recognition. We'd like to take a minute to shoutout a few people who we think are doing great stuff and not getting enough love and respect.

- malwrhunterteam, consistently for years tracking malware, initial access malware, and openly sharing information it

- Max_Mal_, Cryptolaemus1 (and whoever is part of the group), JAMESWT_MHT, and 1ZRR4H, for ruthlessly tracking many of the big names botnets and loaders and openly sharing information on it

- JaffaCakes118, and Neiki__, they both are some of the largest malware collectors and distributors. They've freely shared millions of malware samples for years.

- At-Gootloader, actively tracking Gootloader, the initial access malware used by many ransomware groups, and doing so, for free, for literally years.

- bmmaloney97, the number one expert in Windows One Drive analysis and internal. He has openly and freely shared his research for years.

- RussianPanda9xx, for actively tracking Lumma Stealer (and tons of others), for what feels like forever, and openly sharing information and updates on the malware.

There's so many more we could shoutout, but we can't think of anymore off the top of our our head. But your work is respected and remembered. Thank you so much for the things you do for the researchers and the world.

Today the United States Securities and Exchange Commission announced they're seeking to sanction Elon Musk for failing to appear to court for a probe into his acquisition of Twitter.

Previously, Musk was scheduled for May 31st, 2024 in which he failed to appear in court. The SEC then rescheduled the hearing to September 20th, 2024 — he failed to appear in court again, instead he was in Florida attending the SpaceX launch of Polaris Dawn.

SEC lawyer's accused Musk of 'gamemanship', stating it was not be tolerated. Musk's lawyers said sanctions are excessive and instead request his court appearance be rescheduled to October 3rd.

More information: https://www.reuters.com/technology/us-sec-intends-seek-sanctions-against-elon-musk-twitter-probe-2024-09-20/

Unrelated to malware of course, but this is relevant due to Twitter being our primary method of communicating updates and shitposts.

Following the recent arrests as a result of the research conducted by ZachXBT, some photos have been circulating of one of the alleged thieves responsible for the theft of $243,000,000.

In one of the photos Greavys a/k/a Malone Iam purchased a pink Lamborghini Urus, valued at roughly $241,843, and 3 Birkin Bags, valued at an estimated $63,000, for a girl he seemed to have a crush on.

She replied, "I am taken once again". She didn't even say "Thank you". 😭😭😭😭

Also, shoutout to this girl for being fiercely loyal to her boyfriend (or girlfriend). There are a lot of people who would sell their soul for these expensive gifts.

Sometimes you have to stare at your code, scrolling up and down, top to bottom, and take time to admire your own work and be proud.

and sometimes you just stare at your code and say, "what the fuck is this piece of shit".

"Why doesn't this work?"

A better question sometimes asked is, "How does this even work?"

Note: we've learned that the woman he had a crush on is a model and comes from an affluent background. She has a strong and lengthy portfolio doing professional modeling with large and well known brands.

She owns her own Lamborghini.