Dawg, I don't want to sound like a hater, but some of you malware nerds NEED to lock in and TRY HARDER.
Someone found a malicious GitHub repo and DM'd it to me. It had piss poor obfuscation (if you even want to call it that, it's Base64 encoding) and the malware C2 is basically plain text.
The delivery method is masquerading as an Adobe Acrobat plugin? My Brother in Christ, WHAT ARE YOU DOING
The C2 is literally houndsregimeskid-dot-com
Hounds Regime Skid? Hounds Regimes Kid?
Also, for the record, if the people who wrote this malware are reading this: I'm not the guy spamming your Telegram C2. That is someone else. You left all of Telegram channel stuff plain text too
Someone found a malicious GitHub repo and DM'd it to me. It had piss poor obfuscation (if you even want to call it that, it's Base64 encoding) and the malware C2 is basically plain text.
The delivery method is masquerading as an Adobe Acrobat plugin? My Brother in Christ, WHAT ARE YOU DOING
The C2 is literally houndsregimeskid-dot-com
Hounds Regime Skid? Hounds Regimes Kid?
Also, for the record, if the people who wrote this malware are reading this: I'm not the guy spamming your Telegram C2. That is someone else. You left all of Telegram channel stuff plain text too
π€£112π₯°9β€6π’1
Image 1. Website with uBlock Origin on
Image 2. Website with uBlock Origin off
uBlock Origin IS PREVENTING US FROM FREE MALWARE
Image 2. Website with uBlock Origin off
uBlock Origin IS PREVENTING US FROM FREE MALWARE
π€£162π₯°14β€9π’7π±6π1π€1
vx-underground
Image 1. Website with uBlock Origin on Image 2. Website with uBlock Origin off uBlock Origin IS PREVENTING US FROM FREE MALWARE
I'm torn mentally, physically, and maybe a little bit sexually.
I hate advertisements. On the other hands, I like malware. I don't know what to do. I am forsaken.
I hate advertisements. On the other hands, I like malware. I don't know what to do. I am forsaken.
β€73π€£22π5π€4π’4π₯°3π―2π1
vx-underground
> be me > "smelly is this malware?" > download file > file.exe > click to rename file > accidentally hit enter > detonate malware on personal pc chat, ive accidentally detonated an information stealer on my pc. brb
shout out to salat stealer for having my banking information right now
π99π€£34β€9π6π₯°5π3β€βπ₯1
vx-underground
> be me > "smelly is this malware?" > download file > file.exe > click to rename file > accidentally hit enter > detonate malware on personal pc chat, ive accidentally detonated an information stealer on my pc. brb
What do I do in this scenario?
1. Disconnect from internet
2. Sigh, take a huge rip off my vape
3. Blame the keyboard, not me.
4. Remove the .exe, any persistence mechanism on my machine
5. Angrily reset all my passwords
6. Refuse to use a VM in the future, I'm not a coward
1. Disconnect from internet
2. Sigh, take a huge rip off my vape
3. Blame the keyboard, not me.
4. Remove the .exe, any persistence mechanism on my machine
5. Angrily reset all my passwords
6. Refuse to use a VM in the future, I'm not a coward
π€£173π19β€14π₯°9π―6π3π3β€βπ₯2π1π’1
I guess the only thing more embarrassing than accidentally detonating an information stealer payload on your computer, while trying to remove the .exe file extension, is reviewing the payload closer and seeing it comes with cartoon pornography (I've censored it) and an image of a random woman
π€£164π’12π€10β€7π€―7π₯4π₯°3π±2π2π1π1
vx-underground
"Why are you reverse engineering malware on your main PC? Why don't you use a VM? If you used a VM you wouldn't have infected yourself"
Okay, the silly shenanigans are over. I've repaired the damage done to my box. Overall this was a very whimsical Saturday.
For people new to this account:
Do I really not use a VM when doing malware analysis? Yes. I have a VM, but I don't know, I get lazy. I throw the malware in a random directory called like, "sgsdggggg" (I type random letters on the keyboard) and start poking it.
Is this the first time I've detonated malware on my computer? No. I've detonated ransomware (REvil), some suspected state-sponsored malware from the Russian government (APT28), a crypto-miner, and now this.
I also once messed up an rsync command and synced my tax documents to the staff at DEFCON. They expected malware, instead they got my birth certificate, my tax returns, and some other various documents.
Do I panic? No, I deal with malware every single day. I collect malware, reverse engineer malware, write malware, etc. It is more annoying than actually concerning. The only time I was genuinely concerned was when I detonated REvil because I usually don't make backups (I'm not a coward).
Basically, I'm a jackass who has gotten way too comfortable with malware and you should not do what I do.
For people new to this account:
Do I really not use a VM when doing malware analysis? Yes. I have a VM, but I don't know, I get lazy. I throw the malware in a random directory called like, "sgsdggggg" (I type random letters on the keyboard) and start poking it.
Is this the first time I've detonated malware on my computer? No. I've detonated ransomware (REvil), some suspected state-sponsored malware from the Russian government (APT28), a crypto-miner, and now this.
I also once messed up an rsync command and synced my tax documents to the staff at DEFCON. They expected malware, instead they got my birth certificate, my tax returns, and some other various documents.
Do I panic? No, I deal with malware every single day. I collect malware, reverse engineer malware, write malware, etc. It is more annoying than actually concerning. The only time I was genuinely concerned was when I detonated REvil because I usually don't make backups (I'm not a coward).
Basically, I'm a jackass who has gotten way too comfortable with malware and you should not do what I do.
π€£167β€25π€12π―8β€βπ₯3π2π€2π1π’1π1
I get so many DMs, emails, and comments on social media of people calling me a cat
It's some sort of deep state psyop by silly cat picture to make me a furry
It's not going to work. Stop calling me a cat and stop asking me to meow you goobers
It's some sort of deep state psyop by silly cat picture to make me a furry
It's not going to work. Stop calling me a cat and stop asking me to meow you goobers
π₯°116π25π7β€6π―6π₯1π’1π€£1
This media is not supported in your browser
VIEW IN TELEGRAM
β€106π₯°28π€£14π’7π3
vx-underground
Video
I know you expected a post about malware, or something, but I've been battling demons (trying to get a baby to sleep) and I've got nothing.
I did however find this video to be cute and silly, so I decided to share it
I did however find this video to be cute and silly, so I decided to share it
β€87π₯°25π12π5π€£5π4π€2π’1
The best thing about being a Dad is that now I can dress like Dad
I just purchased several pairs of cargo shorts and button up shirts I intend on tucking in.
I just purchased several pairs of cargo shorts and button up shirts I intend on tucking in.
β€122π41π8π€£6β€βπ₯4π₯°4π4π₯3π’3π2π«‘1
GTV VI leaks reportedly show the pricing for the game at $25,999
Gamers can take out a loan from Rockstar Games official banking app, or get a 2% discount if they pay in full at checkout
They have options available if you have no credit or poor credit
Gamers can take out a loan from Rockstar Games official banking app, or get a 2% discount if they pay in full at checkout
They have options available if you have no credit or poor credit
π160π€£63β€19π₯9π€4π±3π2π₯°2π€©2π’1
Randomly remembered when one of the developers of the IcedId botnet successfully bribed Ukrainian police to forge his death certificate to avoid being arrested
That is so unbelievably cool and badass.
That is so unbelievably cool and badass.
π122π€£46π―14π₯6π₯°6β€4π2β€βπ₯1
Two members of the infamous Scattered Spider group (a sub-group of ALPHV ransomware group) have plead guilty to the attack on TfL (Transport for London).
Thalha Jubair, 20 (image 1) and Owen Flowers, 18 (image 2).
Flowers was initially released from custody on strict conditions, which the courts note he violated on two occasions in March, 2025 and May, 2025.
According to the National Crime Agency, Mr. Jubair and Mr. Flowers initially intended to take their cases to a trial in Woolwich Crown Court. However, both individuals later switched to a guilty plea.
Both individuals are scheduled for sentencing July 16th, 2026.
While both fall under the United Kingdom's Computer Misuse Act, and is capable of delivering life in prison for both individuals, due to their young age and guilty plea, Mr. Jubair and Mr. Flowers are likely facing 10 years in prison.
Images via United Kingdom National Crime Agency, see subsequent post for more information and case details.
Thalha Jubair, 20 (image 1) and Owen Flowers, 18 (image 2).
Flowers was initially released from custody on strict conditions, which the courts note he violated on two occasions in March, 2025 and May, 2025.
According to the National Crime Agency, Mr. Jubair and Mr. Flowers initially intended to take their cases to a trial in Woolwich Crown Court. However, both individuals later switched to a guilty plea.
Both individuals are scheduled for sentencing July 16th, 2026.
While both fall under the United Kingdom's Computer Misuse Act, and is capable of delivering life in prison for both individuals, due to their young age and guilty plea, Mr. Jubair and Mr. Flowers are likely facing 10 years in prison.
Images via United Kingdom National Crime Agency, see subsequent post for more information and case details.
π€£84π12β€8π€7π±5π’4
vx-underground
Two members of the infamous Scattered Spider group (a sub-group of ALPHV ransomware group) have plead guilty to the attack on TfL (Transport for London). Thalha Jubair, 20 (image 1) and Owen Flowers, 18 (image 2). Flowers was initially released from custodyβ¦
More information: https://www.nationalcrimeagency.gov.uk/news/cyber-criminals-who-hacked-into-transport-for-londons-computer-network-are-convicted
www.nationalcrimeagency.gov.uk
Cyber criminals who hacked into Transport for London's computer network are convicted
Two young men have admitted mounting a cyber attack on Transport for London (TfL), which cost tens of millions of pounds...
β€11π’3