Malware Noob Month Post #8

What is "undetectable malware"?

Well, it doesn't really exist. Kind of. There has been discussions of governments (United States, Russia, China) which had malware active for long durations of time and not getting caught. For example, Russia's "Woodchipper" was undetected for years.

The secret is "tailored" malware.

Malware campaigns are caught and tracked all the time because Threat Actors want their malware on as many computers as possible. The more "noise" these groups make, the more machines they infect, the more anti-malware companies can see.

However, specially crafted malware, designed for unique systems, unique environments, with a very specific goal in mind, can go undetected for A LONG time. Once a malicious program has made its way onto the target... And it's nowhere else in the world... How can anyone know it exists?

In these scenarios the chance of the malware being detected boils down to luck and/or fate.

For example, the United States government malware "Stuxnet", which targeted Nuclear Centrifuges, was caught by complete accident. That is a long story I highly recommend you read (or maybe look it up on YouTube, maybe a video exists about it)

In summary, the more machines infected the more likely you'll be detected.

I watched this video on YouTube which questioned the validity of a YouTube series called "Hot Ones".

To make a long story short, each of the hot sauces in that show are derived from super mega fuck off hot peppers, but the sauces themselves are not nearly as hot because they're watered down, given flavoring, etc. It's like, sort of fake advertising, but sort of not? It allows people to be like "i HaD tHe HoTtEsT sAuCe eVeR", but it's not. Whatever.

Anyway, then these nerds sent all these different sauces to a laboratory to have scientists do science. They determined that they hottest sauce in the world (or from the dozens of sauces they selected) is a hot sauce called "Mad Dog 357".

I just got a bottle of it

I don't know why because normally the spiciest thing I eat is salt. The science and stuff inspired me to experience the hottest thingy of sauce in the world.

I don't expect anyone to give a shit about "the weird malware cat picture collection" persons thoughts on hot sauce and esoteric YouTube videos is. I just wanted to share this random bit of information with someone.

1. I've learned nerds are very passionate about hot sauce
2. I am concerned that perhaps I am in over my head based off this persons experience with the #2 sauce

Update: Tried MadDog 357. The bottle is cool looking and it comes with a bullet thingy that is a keychain. No idea.

Opened the bottle, the smell made my nose tingle. Very cool.

I put a few drops around a chip. The few drops were probably too much in retrospect. Nerds told me to use a single drop. I thought they were being dramatic. They were not.

At first it tasted kind of sweet. It then went 0 to 100 and it summoned a burn I haven't really experienced before from spicy stuff.

It made my tongue feel like it was physically on fire.

It's been well over an hour and my stomach feels like it has a bruise.

I drank milk and slowly the burn went away within 5 minutes or so.

Overall I rate the experience a 3/10. It was painful and uncomfortable, but it wasn't crazy (I didn't cover a chip in the sauce, I used the sauce sparingly). It sucked, but it was a fun experience with super spicy stuff.

Really exciting things coming.

Working on a massive enhancement to vx-underground. It'll take several months to accomplish it, but it'll be well worth it.

Thank you all of our sponsors and donors. Your money lets me do crazy shit on the internet.

Hint: it's involves malware

for a really long time i thought the Large Hadron Collider was the "Large Hardon Collider".

i never even questioned it. i was like, "well, its science and things are hard"

this is the type of music people listen to when they're extorting companies and laundering money on the internet

Hello,

All APT samples and papers have been moved to "./Archive/Old APT Collection". It is available for bulk download.

A directory will be created which will house ALL malware samples listed in malware analysis papers. This is a long term project which may years to complete.

may take years**

tl;dr trained ai on malware, kind of works, was silly experiment. llms are cool and badass

Probably not that big a deal tbh no one uses NPM

Also, don't see any facts to back up these claims. Could be some dork going bananas over nothing.

Guess we'll wait and see

Update: it's real lmfao y'all are COOKED bro

https://www.aikido.dev/blog/npm-debug-and-chalk-packages-compromised

> do largest supply chain attack in history
> potentially infect millions of apps
> doesnt do the thing good
> makes $0 from compromise

I don't wanna support the villain here, but my guy, you gotta lock in. You could have infected hundreds of millions of apps and you FUMBLE IT

Look... If you had... one shot... or one opportunity...
To seize everything you ever wanted... one moment...
Would you capture it? Or just let it slip?

...

*slips*

BREAKING

LARGEST SUPPLY CHAIN ATTACK IN HISTORY PULLS OFF MASSIVE CRYPTO HEIST

ATTACKS STEAL $20.05 OF ETH. ENTIRE WORLD CRUMBLING