uBlock Origin has been flagged by Google as 'not following best practices' from the Google Chrome web store — sparking concern it may be removed. Internet nerds are moving to Firefox or Brave.
Some are stragglers and are using uBlock Origin Lite on strict mode to combat ads.
🤣127🫡23🤯11👍5😱3😢3❤2🤔2💯2🎉1🙏1
vx-underground
uBlock Origin has been flagged by Google as 'not following best practices' from the Google Chrome web store — sparking concern it may be removed. Internet nerds are moving to Firefox or Brave. Some are stragglers and are using uBlock Origin Lite on strict…
The notice on the page doesn't explicitly state what uBlock Origin is, or is not, doing to be flagged as not following best practices.
People are theorizing this is Google strong-arming ad blockers so they can boost their ad revenue on places like YouTube
❤🔥52👍26🤓10🎉5🤣5👏2
September 17th a person named Prakash filed an official complaint against our donation transaction system stating we have failed to give them the password for the malware folder.
It wasn't a meme, it was completely legitimate.
The password is 'infected'.
🤣292🤓19😢14🤯6👍5❤2🎉2❤🔥1
vx-underground
eSUN 3D Printing has upgraded their stuff. All user credentials are now email:email Photos via GatorzVR
Yes, having your login email also be your password is standard procedure, this is very normal and safe. Don't worry.
😎101🤣54😁14❤3🔥3🫡3🤓2👍1🎉1🙏1😇1
A beta version of Pokémon X&Y has leaked online.
We've seen some download links — but we're too afraid to mention it because we don't want Nintendo to send the Yakuza to our homes
🤣148🔥11❤9😢5😁3👍1
We've updated the vx-underground GitHub malware source code collection.
- Win32.BabylonRAT
- Win32.NjRat
- Win32.Ransomware.Chaos
- Win32.Ransomware.Yashma
- Win32.RedlineStealer
- Win32.CHMiner
- Win32.CometRAT
- Win32.PentagonRAT.Builder
and more...
https://github.com/vxunderground/MalwareSourceCode
❤49❤🔥12👍7🔥2😱2🎉2🤓2😢1
Yesterday Chinese researchers from Shanghai University unveiled a technique to defeat RSA and AES encryption using Quantum Computing.
The paper titled: "Quantum Annealing Public Key Cryptographic Attack Algorithm Based on D-Wave Advantage", is in Mandarin and has lots of maths
You can either read what other journalists wrote, or you can try to read it yourself.
The original paper: http://cjc.ict.ac.cn/online/onlinepaper/wc-202458160402.pdf
🔥74😱44🤣10❤6🤓5😁4🤔3😢3❤🔥2👏1🤩1
We understand this may be difficult for our Ameriburger audience to understand, but not everyone who follows vx-underground is located in the United States
Not everything we do is Burger-centric and not everything is related to Ameriburger
It's going to be okay, pinky-promise
🤣149❤24🤓16🤯6🙏5💯4👍3😢3🔥1👏1🫡1
vx-underground
We understand this may be difficult for our Ameriburger audience to understand, but not everyone who follows vx-underground is located in the United States Not everything we do is Burger-centric and not everything is related to Ameriburger It's going to…
Yes, some of us are Ameriburgers.
Some of our staff members are in Europe, and a big chunk of our followers are in Europe, Canada, South America, and Australia. Not everything we say or do may not align with our American audience.
❤🔥76🤓24❤12👍6😢5🤣5💯3🤯1🤩1😇1
Updates:
Archives:
- The Old New Thing, September 2024
Bulk downloads:
- MalwareIngestion2024.10.10
- MalwareIngestion2024.10.11
- MalwareIngestion2024.10.12
- MalwareIngestion2024.10.13
- MalwareIngestion2024.10.14
- VirusSign.2024.10.12
- VirusSign.2024.10.13
- VirusSign.2024.10.14
- Bazaar.2024.09
Malware families:
- AilurophileStealer
- Amadey
- Android.Copybara
- AsyncRAT
- BansheeLoader
- DCRat
- DMALocker
- Emotet
- Fysbis
- Gafgyt
- HzRAT
- KTLVdoor
- Lactrodectus
- LummaStealer
- NeutrinoBot
- PupyRAT
- QuasarRAT
- RedLine
- RhadamanthysLoader
- Sliver
- SmokeLoader
- SnakeKeylogger
- ToneShell
- Vidar
- XenoRAT
- XWorm
Papers:
- 2020-07-16 - Masking Malicious Memory Artifacts Part II - Blending in with False Positives
- 2020-08-04 - Masking Malicious Memory Artifacts Part III - Bypassing Defensive Scanners
- 2022-02-14 - Abusing Exceptions for Code Execution Part 1
- 2022-04-02 - CreateSvcRpc - A custom RPC client to execute programs as the SYSTEM user
- 2022-04-04 - Sharing is Caring - Abusing Shared Sections for Code Injection
- 2022-10-12 - StealthHook - A method for hooking a function without modifying memory protection
- 2023-01-30 - Abusing Exceptions for Code Execution Part 2
- 2023-07-15 - Poch Poch is this thing on - Bypass AMSI with Divide and Conquer
- 2024-10-15 - Introducing Early Cascade Injection from Windows process creation to stealthy injection
❤28👍9🤓6😱2❤🔥1😢1
Foreign nations have published more research on US state-sponsored activity.
Do you believe the US National Security Agency/Central Intelligence Agency are engaged in cyber-espionage and disinformation campaigns? Or are foreign countries lying?
Anonymous Poll
79%
Yes, they're doing stuff
5%
No, the U.S. is innocent
16%
Half truth, half lies
👍35😁26🙏7🔥4❤1😢1
vx-underground
Foreign nations have published more research on US state-sponsored activity.
Do you believe the US National Security Agency/Central Intelligence Agency are engaged in cyber-espionage and disinformation campaigns? Or are foreign countries lying?
CIA and NSA nerds following vx-underground right now:
🤣244🫡18👍8❤🔥4😢3💯3❤1
The BBC reports the Internet Archive has been compromised by a Threat Actor operating under the moniker "Have I Been Pwned".
This is unequivocally false.
The BBC has incorrectly attributed the compromise to the website owned and operated by security researcher @TroyHunt
🤣235😁11🫡10👍6🤯3❤1😢1
vx-underground
The BBC reports the Internet Archive has been compromised by a Threat Actor operating under the moniker "Have I Been Pwned". This is unequivocally false. The BBC has incorrectly attributed the compromise to the website owned and operated by security…
Initially it was (incorrectly) assumed we have compromised the Internet Archive based on the wording of our initial post regarding the compromise.
Now it is incorrectly being reported Troy Hunt compromised the Internet Archive
🎉84🤣61🫡11👍5😁5💯4😢2
Updates:
Papers:
- 2009-05-03 - PE Infection - How to Inject a DLL
- 2017-03-21 - Cloak and Dagger - From Two Permissions to Complete Control of the UI Feedback Loop
- 2020-08-10 - NFCGate - Opening the Door for NFC Security Research with a Smartphone-Based Toolkit
- 2022-01-30 - Retrieving the current EIP in C/C++
- 2022-01-30 - SetTcpEntry6 - A custom SetTcpEntry implementation for IPv6
- 2022-02-01 - System-wide anti-debug technique using NtQuerySystemInformation and DuplicateHandle
- 2022-02-02 - Reading and writing remote process data without using ReadProcessMemory/WriteProcessMemory
- 2022-02-04 - CallRemoteAPI - Call functions in remote processes
- 2022-02-04 - CreateSvcRpc - A custom RPC client to execute programs as the SYSTEM user
- 2022-02-04 - EmbedExeLnk - Embedding an EXE inside a LNK with automatic execution
- 2022-02-06 - HijackFileHandle - Hijack a file in a remote process without code injection
- 2022-02-08 - StackScraper - Capturing sensitive data using real-time stack scanning against a remote
- 2022-02-10 - WindowsNoExec - Abusing existing instructions to executing arbitrary code without allocating executable memory
- 2022-09-09 - WriteProcessMemoryAPC - Write memory to a remote process using APC calls
- 2022-10-20 - SharedMemUtils - A simple tool to automatically find vulnerabilities in shared memory objects
- 2022-12-10 - StealthHook - A method for hooking a function without modifying memory protection
- 2023-01-11 - SelfDebug - A useless anti-debug trick by forcing a process to debug itself
- 2024-09-03 - RAMBO - Leaking Secrets from Air-Gap Computers by Spelling Covert Radio Signals from Computer RAM
- 2024-09-07 - PIXHELL Attack - Leaking Sensitive Information from Air-Gap Computers via 'Singing Pixels'
❤27❤🔥10👍6🥰6😱3