vx-underground
History has a way of repeating itself. Earlier today United States Secretary of Health, Robert F. Kennedy Jr, stated he believes one potential cause of mass shootings (of several he listed) is video games. Potential games which may make you prone to being…
Call of Duty and Grand Theft Auto are some of the most successful game franchises on the planet and in history thus far.
It would be extraordinarily difficult to find a younger person (Gen Z, Millennial, maybe Gen X) who hasn't played Grand Theft Auto or Call of Duty.
The insinuation is so absurd. It's like stating 1 out of every 1 (100%) of people could be potentially violent.
???
Tomorrow on the vx-underground internet schizophrenia show:
- More malware papers
- More malware samples
- 5 Malware Noob Month Posts (I'm behind schedule)
- Cat pictures?
- Ransomware operator indicted
- Is malware illegal and for nerds?
Malware Noob Month Post #9
It's impossible to know everything about malware.
That's an obvious statement people say about every subject, but I think it's important to add some context to this to really shine a light on the topic.
First and foremost, malware exists on different platforms and different architectures. This in and of itself broadens the scope of malware. You essentially have a few main categories of study and then what I would describe as "everything else".
1. Windows malware
2. Linux malware
3. MacOS malware
4. Mobile malware
5. Web malware
6. ICS/SCADA malware
7. IoT malware
8. everything else...
Windows malware is the most common and widely studied and discussed. The reason why is that Windows is most commonly used in enterprise environments. That's where malware will drift toward naturally. That's where the money is.
Linux malware is far less common due to the rarity of Linux based operating systems in enterprise environments. Yes, of course they exist in enterprise environments, but it's not nearly as common as Windows. Linux malware also has some difficulties, in that Linux users *usually* aren't as ... uneducated ... as Windows users. Basically, Linux is for nerds. It's a little harder to get nerds to detonate malware.
MacOS malware very much exists. It's an extremely niche and specialized field of study in the malware ecosystem. Being completely honest, I don't know shit about MacOS malware. I've never even really used an Apple product. People like Patrick Wardle do lots of research on MacOS malware and do malware things.
Mobile malware is rampant. It exists on both Android and iPhone. However, iPhone malware is much more hush-hush (I can only speculate why). Android malware is a huge field of study, it's found every single day, it poses a very real risk. I also don't know much about it. People like Laurie Wired and some other nerd who works at ESET (can't remember your name right now, sorry bro, I love you), discuss it often. Mobile malware now has become a real area of focus since the rise of targeted malware (such as Pegasus Spyware). Everyone has a mobile device. Long story. Crazy stuff.
Web malware is fairly generic nowadays. Historically PHP malware was a huge problem in the mid-2000s. Now most web based malware is malicious HTML pages which try to convince you to run binaries. It exists, but it isn't as robust as it used to be due to changes in web application architecture.
ICS/SCADA malware is a cluster fuck. It's malware for Industrial Control Systems such as Electrical Power Plants, Nuclear Centrifuges, Water Plants, etc. I know even less about ICS/SCADA malware than I do about MacOS malware. Cybersecurity firm Dragos is a big player in ICS/SCADA malware. ICS/SCADA malware is also kind of "deadly" in that this sort of malware can really impact people's lives (losing power in their home, for example).
IoT malware (Internet of Things) is currently a fairly generic malware topic. Most IoT devices (cameras, washing machines, shit that shouldn't be connected to the internet) are Linux based operating systems. Hence, they have heavy overlap with Linux malware. However, IoT devices and IoT malware typically revolve around botnets (DDoS) because (usually) IoT devices cannot be used for much else other than bandwidth.
Everything else...
Nerds putting malware on toasters, car firmware, ... Anything niche and weird. People will do something cool with it. Someone once put malware on stuff that tracks cows? They turned cows into DDoS stuff or something. Someone also wrote ransomware for chastity belts...
Chat, who would have thought?
A study on the United Kingdom Online Safety Act shows that websites that complied with the United Kingdom government and performed ID verification lost 90% of their web traffic.
Users went to unregulated sites.
https://www.techdirt.com/2025/09/08/uk-age-verification-data-confirms-what-critics-always-predicted-mass-migration-to-sketchier-sites/
Techdirt
UK Age Verification Data Confirms What Critics Always Predicted: Mass Migration To Sketchier Sites
New data from the UK's age verification rollout provides hard evidence of what internet governance experts have been warning about for years: these laws don't protect children; they syst…
New papers.
- 2025-08-26 - Alternatives to NtAllocateMemoryEx
- 2025-08-17 - Control Flow Obfuscation What happens if we modify callee-saved registers
- 2025-08-15 - Driver Reverse Engineering 101
- 2025-07-15 - Weaponizing Windows Drivers
This could be you if you read them
YouTube
Teddy's Olympic training starts NOW
Berkeley Humane is providing for all of Teddy's medical needs - please consider donating to support him and other kittens like him! https://berkeleyhumane.org/kitten-season/?utm_source=teddy
Malware Noob Month Post #10
It's impossible to know everything about malware (yes, again, I'm writing this).
Previously I discussed different platforms and architectures. That is just the tip of the iceberg.
If you subscribe to a Threat Intelligence and/or Information Exchange platform you'll see how much information on malware comes flooding in.
Every day (omitting weekends and major holidays) at least one cybersecurity vendor releases a report on an ongoing malware campaign or group. On average vx-underground archives 20 malware reports a week. Some months it has gone as high as 100 a month.
These malware reports document new and evolving malware techniques, malware threat groups, who (or why) someone (or something) is being targeted, etc. They also sometimes give a comprehensive breakdown on how the malware works.
Additionally, cybersecurity researchers release papers on offensive malware development practices. These are less common than malware research reports, however vx-underground ingests roughly 20 (Windows-based reports*) a month. Unfortunately, we also miss a lot of cool research papers because they're more decentralized than malware research papers.
The volume of material coming in daily, or weekly, is suffocating and overwhelming. If you truly wanted to be cutting edge and on top of everything you would have to allocate several hours a day to simply reading papers. If you wanted to read everything historically it would probably require thousands upon thousands of hours ... which only grows every day you spend not reading new material.
This is one reason (of many) why malware researchers (offensive or defensive) have focus areas. Instead of reading everything they emphasize something they believe is interesting, such as only studying ransomware, or information stealer malware, or choosing to only focus on developing malware for Windows, etc.
tldr to know EVERYTHING you're going to have to LOCK IN for YEARS and spend easily 16 hours a day or more reading just to TRY to catch up.
The Nepal government was overthrown, or something, and new government leadership has been selected by performing a poll on Discord.
https://www.nytimes.com/2025/09/11/world/asia/nepal-protest-genz-discord.html
NY Times
Nepal's Social Media Ban Backfires as Politics Moves to a Chat Room
"The Parliament of Nepal right now is Discord," a user said of the platform popular with video gamers, where tens of thousands are debating the nation's future.
Some of the people who helped overthrow the Nepal government follow us
I was just criticizing Discord for an election because I don't think it's a secure place to do it
I'm sorry. Please don't kill me (bro, they overthrew the fucking government, these nerds DO NOT fuck around)
I need to add some context
No one from Nepal threatened me. This post is me trying to be funny and light hearted
I deleted 2 posts about Nepal because I was misinformed and was accidentally spreading misinformation. People from Nepal politely corrected me.
Tldr no big deal
Malware Noob Month Post #11
Is writing malware illegal? No.
If writing malware was illegal everyone in vx-underground, and associated with vx-underground, would be in prison by now.
Writing malware is all about intent. What your intentions are with what you've made.
If you write a cool malware proof-of-concept and then do nothing with it, you just did it for the love of the game and fun, then it's not a crime.
If you write a cool malware proof-of-concept and open source it on GitHub for others to review, give feedback, or to study from, then it's not a crime.
If you write a fully weaponized malware C2 (panel, builder, payload, modules), and then keep it all for yourself and do nothing with it, then it's not a crime.
If you write a fully weaponized malware C2 (panel, builder, payload, modules), and then share it privately with friends, then you're potentially putting yourself in a small (microscopic) amount of danger. If your friend uses it for a large scale malware campaign, and you're identified as the author, you might have some legal problems.
If you write a fully weaponized malware C2 (panel, builder, payload, modules), and then exclusively sell it to Threat Actors, then that is a crime.
If you write a fully weaponized malware C2 (panel, builder, payload, modules), and then sell it to Red Team companies for ethical stuff, then it's not a crime, but you should probably consult with a lawyer in the event something bad happens and you're blamed (it leaks, used without consent, etc)
If you write a fully weaponized malware C2 (panel, builder, payload, modules), and then sell it to the government and/or its allies, then it gets weird and you're probably just a patriot or something, I don't know.
If you write a fully weaponized malware C2 (panel, builder, payload, modules), and then sell it to foreign adversaries of your government, then it's a crime (probably).
Oh, ya, this varies in each country by the way. This is the law for the United States. A lot of countries have similar laws. Apparently Germany is not cool or badass though and bitches about shit a lot more because they're lame and old
Oh and I'm not a lawyer, or whatever. This is just my dumbass opinion, or something