vx-underground
Chat, I'm not a video game developer, but this file looks strange. Why does this video game contain a .bat file that looks for your browser credentials and crypto wallets?
Dawg, one of their boys is on VirusTotal flagging ransomware files as safe (comments or safe upvotes)
https://www.virustotal.com/gui/user/zombiebunny/comments
vx-underground
Dawg, why did these cryptodrainer nerds leave their Telegram credentials exposed in plain text in their drainer?
Who are these people and why do they target cancer patients?
vx-underground
Who are these people and why do they target cancer patients?
Update: entire channel has been deleted. Accounts also deleted.
Where did they go? :(
vx-underground
Update: entire channel has been deleted. Accounts also deleted. Where did they go? :(
Clicked the wrong button, accidentally pulled their infrastructure and victim logs, all 907 victims
vx-underground
> find sketchy steam game
> download it
> find shitty .bat
> open it
> find hardcoded telegram creds
> get everything
> pull infra and all logs
dawg, you have to write better malware. took less than 30 minutes bro. you gotta lock in
DAWG WHY DID YOU WHITELIST BY STEAM ID
Okay, I'm done looking at the malware. I enjoyed reversing it and looking at it. I've got stuff I gotta do now though.
Interesting technique by "David" to hire someone from Telegram to make the video game. I never considered this as a TTP. +1 cat picture for the clever idea.
-1 cat picture for using generic malware. This is probably some DaaS or ChatGPT malware. Makes use of Python and .BAT stuff.
-1 cat picture for draining a person with stage-4 cancer. That is really fucked up bro.
Game on Steam:
"BlockBlasters"
Fake VirusTotal user:
"zombiebunny"
Hashes:
"bot"
af2f245a28134ec9ac8e790ecd897a24f9ae7a254aa97dc72d19b6cbaf3233e9
"game2"
aa1a1328e0d0042d071bca13ff9a13116d8f3cf77e6e9769293e2b144c9b73b3
"h"
9c6e4acc987f305ab039c8384c14d1cc303f1ad6296364faa96cbb351729e84d
"Index"
85e815ed3a9a52f13833f39fa47e249a8d463830162b62da6df8deaea89d1010
"Test"
db919e9d879050bba18295adb71f5b1866d0bdb9759bdfc9e2cca719514f7004
White listed users:
79d69f9a712d239a8d66d8f41b78719e93f8c6308f4eb4d6208d227d72ce894e
vx-underground
Okay, I'm done looking at the malware. I enjoyed reversing it and looking at it. I've got stuff I gotta do now though. Interesting technique by "David" to hire someone from Telegram to make the video game. I never considered this as a TTP. +1 cat picture…
Bro decides to throw a party after draining $32,000 from a cancer patient
tl;dr of today
> rastalandTV gets crypto drained
> he has stage 4 cancer
> he's targeted specifically for his cancer treatment money
> loses $32,000
> nerds band together
> ZssBecker donates $30,000 to him
> malware nerds come together
> drainer infra found
> pull all victim data from infra
> victims will be notified
> all malware flagged
> osint nerds come together
> find drainers info from their telegram ids
> find info from their steam ids
tl;dr tl;dr stage 4 cancer bro gets fucked over, 50+ nerds band together to undo the damage
fuck cancer
Hello,
I've received a bunch of notifications today about the "Block Blaster" ... pseudo-takedown that occurred in response to a group of individuals spearphishing and cryptodraining a cancer patient.
I appreciate everyone thanking me or giving me a congratulations.
I am not fully responsible for the actions which occurred. I did reverse engineer the malware and identify infrastructure, however any work done was accelerated due to a group of people.
When I announced I was going to look at the video game closer to determine if it was malware (it was malware), a person contacted me and spun up a group of like minded people interested in examining Block Blaster closer.
Here are the cool and badass people I worked with:
- zachxbt
- 1989
- andreee_eeeeee
- escrow_
- C4L38
- defidownsin
- "J"
- Random nerds who provided "tips" to us
I've never really spoken with these people before, omit ZachXBT, but each of us was angry from what we had seen.
Before I get off for the evening I want to note that I am uploading Block Blaster to the malware library.
"./Samples/Families/Block Blaster"
I have also synced all samples in Triage and VirusTotal if you want to examine them closer. I noted the SHA256 hashes in a previous post.
vx-underground
Hello, I've received a bunch of notifications today about the "Block Blaster" ... pseudo-takedown that occurred in response to a group of individuals spearphishing and cryptodraining a cancer patient. I appreciate everyone thanking me or giving me a congratulations.…
tl;dr unironically got really angry at something, spazzed out for like, 4 hours on a Sunday
If you're curious about "Block Blaster", the crypto-draining malware that masqueraded as a legitimate Steam video game, 1989 and some other nerds did a brief write-up on the malware.
tl;dr slop
You can read it here:
https://vx-underground.org/Malware%20Analysis/2025/2025-09-21%20-%20Block%20Blasters%20-%20Forensic%20Report/Paper
dawg, OSINT nerds found the guy who drained the cancer bro. he's an immigrant on a visa from Argentina currently living in Miami, Florida, USA
the OSINT nerds reported him to ICE 😭
omfg 😭😭
vx-underground
dawg, OSINT nerds found the guy who drained the cancer bro. hes an immigrant on a VISA from argentina currently living in miami, florida, USA the OSINT nerds reported him to ICE 😭 omfg 😭😭
they're gonna send his ass to CECOT lmfao omg
vx-underground
Woke up to people questioning the validity of our findings and suggesting Block Blasters isn't malware. They are asserting we've incorrectly blamed an indie game dev as malicious. I've got the game archived. Do you wanna run it and test it out?
Well, the C2 infrastructure is purged, so nothing would happen. But I giggle at the idea of someone trying to disprove us by getting cryptodrained and their login credentials stolen
vx-underground
Here is an image of a Threat Actor trying to lure prominent cryptocurrency holders into downloading a cryptodrainer masquerading as a Steam video game. In this image they tried to spearphish NoKapRich but failed.
As others pointed out, this Xitter account was compromised by Threat Actors. This is not the Threat Actor's personal account.
I'm sharing the tactic they used to lure people.