vx-underground
The LiteLLM supply chain attack is big shenanigans. I have to explain the whole thingie though so you can get the full context of the shenanigans. TeamPCP (the people who probably did it) is unironically swinging a big ass fuck off baseball bat, they're swingingβ¦
tl;dr
β€61π₯°18π9π₯5π1
Someone also made a video if you're lazy and don't want to read
https://www.youtube.com/watch?v=i9o4aWxAnLk
https://www.youtube.com/watch?v=i9o4aWxAnLk
YouTube
LiteLLM hack: Big brain target for hackers
LiteLLM hack summary: What is it, why it's smart to target it, and how it happened (so far).
GitHub Issue: https://github.com/BerriAI/litellm/issues/24512
Thread on cursed orange site: https://news.ycombinator.com/item?id=47501729
Original blog post: β¦
GitHub Issue: https://github.com/BerriAI/litellm/issues/24512
Thread on cursed orange site: https://news.ycombinator.com/item?id=47501729
Original blog post: β¦
π₯°23π9β€7
The past couple of months I've personally witnessed a few changes in malware that are so significant that it blatantly sticks out.
1. Malware written in more esoteric languages. I've witnessed a shift away from languages like C/C++ to languages that are heavily abstracted, most notably NodeJS with Electron.
2. A MASSIVE shift toward targeting open source solutions. While this isn't new, the past couple of months its been every single day someone is targeting a supply chain via masquerading or directly targeting the open source provider.
3. AI has assisted with the shift in the malware landscape ... toward higher level languages. I've witnessed a spike in multi staged malware using a lot of LOLBIN-like methods. Again, this isn't anything new, but I've witnessed such a dramatic spike I believe it is the result of AI making it much easier to create and use high level languages
4. The introduction of new threat landscapes: Clawdbot (or whatever it's called now). This has resulted in a shift toward MacOS malware which is referencing bulletin point 3. Heavy usage of ClickFix with high level multi staged languages (bash script to Js)
5. AI being used for social engineering. Historically I've seen really crappy malware lures and phishing pages. I suspect AI is helping polish pages and making them look more realistic, possess no typos, use good grammar, etc.
1. Malware written in more esoteric languages. I've witnessed a shift away from languages like C/C++ to languages that are heavily abstracted, most notably NodeJS with Electron.
2. A MASSIVE shift toward targeting open source solutions. While this isn't new, the past couple of months its been every single day someone is targeting a supply chain via masquerading or directly targeting the open source provider.
3. AI has assisted with the shift in the malware landscape ... toward higher level languages. I've witnessed a spike in multi staged malware using a lot of LOLBIN-like methods. Again, this isn't anything new, but I've witnessed such a dramatic spike I believe it is the result of AI making it much easier to create and use high level languages
4. The introduction of new threat landscapes: Clawdbot (or whatever it's called now). This has resulted in a shift toward MacOS malware which is referencing bulletin point 3. Heavy usage of ClickFix with high level multi staged languages (bash script to Js)
5. AI being used for social engineering. Historically I've seen really crappy malware lures and phishing pages. I suspect AI is helping polish pages and making them look more realistic, possess no typos, use good grammar, etc.
π48π―12β€10π₯°1
vx-underground
The past couple of months I've personally witnessed a few changes in malware that are so significant that it blatantly sticks out. 1. Malware written in more esoteric languages. I've witnessed a shift away from languages like C/C++ to languages that are heavilyβ¦
And for a bit of nuance, this is MY perspective. This is anecdotal. It's totally possible this is just what I'm seeing and it's possible the shift is much smaller than what I've personally seen.
We would need for a larger sampling size and study to be performed.
We would need for a larger sampling size and study to be performed.
β€30β€βπ₯5
Windows Defender is very silly and I am flabbergasted.
I always keep Windows Defender off. As a person who collects malware, writes malware, and pokes malware with a stick, Windows Defender is a big stinky dork who isn't cool and gets in my way.
Earlier today I was doing big brain intellectual stuff that you wouldn't understand (watching police chase videos on YouTube) and suddenly Windows Defender began screaming obnoxiously loud into my headphones that it has detected hundreds of malwares on my machine.
Windows Defender turning itself on is no big deal. I keep my several terabytes of malware segregated (it's in a special folder that is whitelisted, I pray I don't accidentally detonate it). However, Windows Defender was screaming malware was in my C drive.
This is sort of weird ... I write malware, maybe it's flagging one of my proof-of-concepts as malware? Maybe?
I look inside and this fucking piece of shit is flagging my anti-malware project I'm working on as malware. That makes literally zero sense. Nothing in my anti-malware static analysis goofy project is even remotely malicious. What the fuck is this piece of shit yapping about?
In my malware static analysis project I extracted the YARA rules from Windows Defender. I use those same rules for identification.
Windows Defender flagged IT'S OWN RULES as malware because of the strings present in THEIR OWN YARA RULES
You dumb son of a bitch. I HATE YOU. Now I have to spend an extra FOUR MINUTES re-extracting your YARA rules and recompiling them for my project. HOW DARE YOU
I always keep Windows Defender off. As a person who collects malware, writes malware, and pokes malware with a stick, Windows Defender is a big stinky dork who isn't cool and gets in my way.
Earlier today I was doing big brain intellectual stuff that you wouldn't understand (watching police chase videos on YouTube) and suddenly Windows Defender began screaming obnoxiously loud into my headphones that it has detected hundreds of malwares on my machine.
Windows Defender turning itself on is no big deal. I keep my several terabytes of malware segregated (it's in a special folder that is whitelisted, I pray I don't accidentally detonate it). However, Windows Defender was screaming malware was in my C drive.
This is sort of weird ... I write malware, maybe it's flagging one of my proof-of-concepts as malware? Maybe?
I look inside and this fucking piece of shit is flagging my anti-malware project I'm working on as malware. That makes literally zero sense. Nothing in my anti-malware static analysis goofy project is even remotely malicious. What the fuck is this piece of shit yapping about?
In my malware static analysis project I extracted the YARA rules from Windows Defender. I use those same rules for identification.
Windows Defender flagged IT'S OWN RULES as malware because of the strings present in THEIR OWN YARA RULES
You dumb son of a bitch. I HATE YOU. Now I have to spend an extra FOUR MINUTES re-extracting your YARA rules and recompiling them for my project. HOW DARE YOU
π€£97π₯°14β€9π₯3π3π€2
vx-underground
> be olafkswg > some dude on the internet > does stuff with cs2 or something idfk > some other dude arrested for terrorism or something > court doc releases > uses same discord picture as olafkswg > cs2 nerds freak out > OMG HE WAS A TERRORIST no lol sameβ¦
Reference:
π€£50π14β€3π₯°1
Media is too big
VIEW IN TELEGRAM
LeakBase admin "Chucky" was arrested.
For those unfamiliar, LeakBase was this big ass fuck off website which sold, traded, auctioned, and freely distributed stolen data from compromised websites or companies.
LeakBase audience was primarily Eastern European.
Despite the wide spread identify theft, credit card fraud, extortion, initial access brokering, and money laundering that "Chucky" enabled, he was a nice guy.
I used to send silly pictures of kitty cats to him.
For those unfamiliar, LeakBase was this big ass fuck off website which sold, traded, auctioned, and freely distributed stolen data from compromised websites or companies.
LeakBase audience was primarily Eastern European.
Despite the wide spread identify theft, credit card fraud, extortion, initial access brokering, and money laundering that "Chucky" enabled, he was a nice guy.
I used to send silly pictures of kitty cats to him.
β€23π€£15π₯°4
vx-underground
LeakBase admin "Chucky" was arrested. For those unfamiliar, LeakBase was this big ass fuck off website which sold, traded, auctioned, and freely distributed stolen data from compromised websites or companies. LeakBase audience was primarily Eastern European.β¦
Was he a hardcore cyber criminal? Yes
Did he enable crime? Yes
Did he help facilitate crime? Yes
Did he aid and abet criminals? Yes
Did he give a platform to other criminals? Yes
But, did he have good taste in silly kitty cat pictures? Yes, he had very silly kitty cat pictures.
Did he enable crime? Yes
Did he help facilitate crime? Yes
Did he aid and abet criminals? Yes
Did he give a platform to other criminals? Yes
But, did he have good taste in silly kitty cat pictures? Yes, he had very silly kitty cat pictures.
β€21π₯°9π6π2π1