vx-underground
The largest collection of malware source, samples, and papers on the internet.

Password: infected

https://vx-underground.org/
vx-underground
Dawg, who the FUCK set up these vx-underground posters in London? This isn't something you can just do in a few minutes. This requires planning and visiting a print shop and stuff. There is no venue listed, the artists aren't real. WHO ARE YOU PEOPLE
I'm being told this is a real thing.

I don't know what's real and what isn't, but August 6th is also DEFCON.

I have no idea, dawg. I give up.
vx-underground
I'm really sick (STILL), don't have mental capacity to shit talk Microsoft, or talk about some weird malware shit, or describe the latest Epstein computer-related gossip and news.

I'm going to steal memes from /g/ Tech Meme's and crawl back into bed.
❀90🫑41πŸ₯°10😱4❀‍πŸ”₯1πŸ€”1πŸ™1😘1
vx-underground
WHO IS PUTTING UP THESE POSTERS IN LONDON

Is this some kind of esoteric Britbong humor us Ameriburgers aren't familiar with?
> Find malware campaign
> Check VT
> (Looks) New
> Currently undetected
> Look inside
> Obfuscated Lua

Seriously? Lua? You guys are a bunch of sick fucks
vx-underground
I'm still sick. I've basically got dysentery from this Influenza Type A. I'm not sure what's worse, pissing out my ass or working with obfuscated Lua. Right now I'm thinking I'd prefer pissing out my ass
> "hey smelly i ran this game, is it malware?"
> doubt_it.png
> bored
> look inside
> game
> look inside
> electron app
> look inside
> weird .png embedded inside
> look inside
> electron app inside png
> wtf
> look inside
> .zip inside png inside of electron app
> wtf
> look inside
> electron app
> ???
> .js inside .zip inside .png inside .asar inside .exe
> look inside
> heavily obfuscated
Starting March, 2026, Discord will require a facial scan or copy of your government issued ID to use 'adult features' on Discord such as participating in stages or viewing Discords and/or channels marked as 18+
tl;dr SmartLoader malware campaign, multi-staged obfuscated Lua payload to evade detection, currently very effective. Interesting malware find.

Some nerd named bleuonbase was looking for some random "Effect-native SDK" (whatever that is), the 2nd indexed URL on Google was a spoopy looking GitHub repo.

He showed it to me. I was bored (I'm very sick), so I poked it with a stick. To make a long story short, this looks like a new malware campaign from SmartLoader.

The thing is an obfuscated Lua Loader and it comes packaged with the traditional Lua dependency junk (Lua JIT and DLL). The payload launches from a .cmd which just passes a .txt to the Lua JIT binary. This is all standard stuff for SmartLoader from early and mid 2025.

If you're curious, look up the SHA256 for the obfuscated Lua script on VirusTotal: c36ce9080f624c14dd4e1d451228293f786168f4de2d35690d2cffb6cccbae87 (Image 1)

You'll see some of the other things it's trying to masquerade as. This is all very silly shenanigans.

It's currently exfiltrating to some German IP address and inserting fake Cloudflare headers to make it look like it's Cloudflare: 213.176.73.145

Look up that IP address on VirusTotal and you'll see even more silly shenanigans (Image 2)

Oh, and uses Socket3.lua for stuff, I've uploaded that to VirusTotal and Triage. Was not seen on VT before: f2e4088ebf9d98bcc7cccff153a26a786927ae8de570889af160e695b35d1624
❀36πŸ₯°5πŸ‘3
For those curious regarding Epstein files redactions and general information: based on Mr. Massie's visit to the United States Department of Justice today, and his "hint" of this being from "A Sultan", this implicates Sultan Ahmed bin Sulayem.

Around April, 2009, footage was leaked of Issa bin Zayed Al Nahyan a/k/a "Isa", son of Zayed bin Sultan Al Nahyan, beating an Afghanistan merchant. In the video, Isa does the following:
- Hog ties him
- Beats the man with a wooden plank, with nails protruding
- Fires an automatic weapon around the man
- Forces a cattle prod into the man's anus
- Places the cattle prod onto the man
- Runs the man over with a Mercedes SUV
- Ignites the man's genitals with lighter fluid
- Pours salt on the wounds

All of this was performed while Abu Dhabi police were present (seen in the video).

Issa bin Zayed Al Nahyan was found not guilty in court. The Judge presiding over the case did not explain why Isa was exonerated on all charges.

This appears to be the video Epstein "loved".
Discord is only popular because it's convenient.

It's shrimple to use, shrimple to install, and requires almost no critical thought to configure.

The masses do not care about security, or privacy, or whatever. They want easy.

tl;dr discord normiemogged teamoids
vx-underground
Discord knows everyone will bitch and moan on the internet, SOBBMAXXING, but 99.9% of people will hand over their identification. They'll be scared, or reluctant, but they'll do it anyway so they can keep their yellow badge in their Harry Potter Fan Fiction Roleplay Discord