tl;dr trained ai on malware, kind of works, was silly experiment. llms are cool and badass

Probably not that big a deal tbh no one uses NPM

Also, don't see any facts to back up these claims. Could be some dork going bananas over nothing.

Guess we'll wait and see

Update: it's real lmfao y'all are COOKED bro

https://www.aikido.dev/blog/npm-debug-and-chalk-packages-compromised

> do largest supply chain attack in history
> potentially infect millions of apps
> doesnt do the thing good
> makes $0 from compromise

I don't wanna support the villain here, but my guy, you gotta lock in. You could have infected hundreds of millions of apps and you FUMBLE IT

Look... If you had... one shot... or one opportunity...
To seize everything you ever wanted... one moment...
Would you capture it? Or just let it slip?

...

*slips*

BREAKING

LARGEST SUPPLY CHAIN ATTACK IN HISTORY PULLS OFF MASSIVE CRYPTO HEIST

ATTACKS STEAL $20.05 OF ETH. ENTIRE WORLD CRUMBLING

Posting from mobile. Im not sure why my phone wrote "Lesbian Dating App" like it was an official title or acronym or something (LDA)....

Lolwtf

I recommend following this thread (comments and quoted retweets) to follow the drama and shit storm.

STOP THE SLOP. NO MORE AI VIBE CODED APPS.

https://x.com/acgfbr/status/1965116645556600882

If people keep pushing AI vibe coded slop imagine how much money us cybersecurity nerds are gonna make

Chat, it's going to be a very prosperous couple of decades

> TeaApp
> Used Firebase
> Bucket not configured correctly

> Brazil dating app (Sapphos)
> Used Firebase
> Bucket not configured correctly

It's literally free money

The drama in Brazil continues.

Sapphos, a lesbian-focused dating app, was compromised as a result of a poorly developed API with users speculating it was vibe coded.

Sapphos, after discovering the situation unfolding on social media, quickly put out a message regarding the compromise.

Sapphos begins by implying the compromise was a targeted campaign by men. However, while it was compromised by men, it does not appear (based on social media conversations and threads) to be compromised as a result of disdain toward women. Rather, the compromise was the result of nerds being nerds and messing with the application.

The message concludes with the statement that no documentation was exfiltrated. However, based on photo evidence on social media, this is incontrovertibly false. Photos and logs have been presented which proves this is false.

tl;dr Brazil mentioned?

I say Brazil mentioned because following the post about the compromise and/or data leak, Brazil nerds seemed happy to see Brazil mentioned.

Brazilian people are cool and badass

Mildly interesting

As I'm working on collecting older malware samples I've made some observations.

1. The word "IOC" (Indicator of Compromise) has not been present in a report from 2001 - 2010.

2. Most malware samples were not shared. If they were shared they used MediaFire

3. Around 2008 people began referencing VirusTotal for malware detection rates and names. VirusTotal reports from that era are broken because they URLs have changed. VirusTotal's URLs were originally in spanish and were HTTP based

4. One of the first vendors to share malware MD5 (or SHA1, haven't seen a SHA256 yet) was FireEye (now Trellix) and Secureworks

5. Malware campaigns using social networks for target users was revolutionary concepts in 2009.

6. Conficker malware analysis reports illustrate how much malware has evolved. The malware techniques used by Conficker are amateur at best compared to modern malware techniques. Conficker was declared revolutionary (not exact words) because of its modularity. See attached image. A modern malware payload doing what Conficker did is ... meh ... everyone can do this. Interesting how much has changed.

The most interesting person in the world was messaging me.

They've suddenly deleted their e-mail and Xitter account.

Come back:(

MALAYSIA, STOP. DO NOT VIBE CODE A BANK

NOOOOO

https://www.rytbank.my/