Apr 15 2022

How vx-underground is building a hacker’s dream library

Category: Cyber Attack,Cyber crime,Dark Web,Information SecurityDISC @ 12:59 pm
How vx-underground is building a hacker’s dream library

Editor’s Note: When malware repository vx-underground launched in 2019, it hardly made a splash in the hacking world. “I had no success really,” said its founder, who goes by the online moniker smelly_vx.

But over the last couple of years, the site’s popularity has soared thanks in part to its robust Twitter presence that mixes breaking cybersecurity news with memes. The site now bills itself as “the largest collection of malware source code, samples, and papers on the internet,” with about 35 million samples overall.

vx-undergound operator smelly_vx recently talked to Recorded Future analyst and product manager Dmitry Smilyanets about the site’s goals, finances, and plans for the future. The interview, which was conducted over email in English, has been lightly edited for clarity.

Dmitry Smilyanets: I would like to start from the very beginning — please introduce yourself.

smelly_vx: Hi. I am “smelly__vx“. I am the creator of vx-underground and the guy who runs/maintains a good portion of vx-underground’s website and the vx-underground Twitter account.

I am in my early 30s. I have a wife. I have a dog. I don’t think I can say anything else which is interesting or important.

DSTell me about the site’s background — how did it start, how did you build it into what it is today?

VX: About vx-underground — it was created to act as the successor to the legendary vxHeaven (created by the Ukrainian dude herm1t). When I was a teenager I discovered vxHeaven and learned tons from it. It was an invaluable asset. Around 2017 or so, when I was a software engineer, I got tired of writing malware (as a hobbyist) by myself.

I began looking for vxHeaven, or whatever it had become. I was unable to find anything, to my disappointment, and one day on some random IRC server I discovered, I was conveying my disappointment to a guy named Phaith and he said to me, “Well, if you miss it so much, why don’t you make your own?” I thought this was a good idea — why not make my own? And that is precisely what I decided to do. The issue I faced was that my background was in low-level development, I primarily did C/C++ development on the Windows platform. I did not have any skills in web development, web security, system administration, etc. I also did not have any contacts, I had been a “lone wolf” for nearly a decade at this point — I was a “nobody.” However, I decided this shouldn’t be a restraining factor so I bought some random bullshit hosting, purchased the domain name ‘vx-underground’ and got to work.

I officially made vx-underground in May 2019. I had no success really, I did not have a Twitter account or any contacts or any relationships in the information security industry. I made the vx-underground Twitter account in August 2019 and, interestingly, shortly after I made the account I was contacted by a guy named Bane. Bane was a member of a group called ThugCrowd. They had a large follower base on Twitter (20,000+), they had connections, they knew their way around things, blah blah blah. ThugCrowd was very kind to me and supported the idea of a new vxHeaven. They introduced me to some people who also liked the idea of a new vxHeaven.

Unsurprisingly, in October 2019, vx-underground was banned from a lot of web hosts. I had places which housed neo-Nazis, pornography, and gambling, deny my hosting.

Nobody wanted to house malware samples, the only way I was going to get the ability to house malware samples was if I had become a company, and did paperwork and all sorts of bullshit. I did not like this idea. Luckily, and to my surprise, the people over at ThugCrowd introduced me to a group of people behind TCP.DIRECT. They also liked the idea of a new vxHeaven, as the main group of people behind it also had been on the vxHeaven forums ages ago. They assisted me with hosting, handling the web security, etc. This was very beneficial for me because, as TCP.DIRECT will confirm, I am a complete idiot with anything system administrative/web security related.

Following this introduction to TCP.DIRECT, vx-underground had essentially zero restraint. I was able to upload malware samples, malware papers, malware source code, etc. as much as I liked. The only thing I had to do then was add content and be consistent. Along the way I met a guy from the [Commonwealth of Independent States], Neogram, who assisted me with Russian translations and giving me a (metaphorical) tour of the CIS malware scene. This expanded my horizon and gave vx-underground better insight into current malware trends.

All of this happened very quickly, this ‘story’ encapsulates what happened between August 2019 and December 2019.

DSWhat are your mission and goals?

VX: I don’t know. vx-underground is a library, our goal is basically to
 collect malware samples, papers, and code? It exists and that is it. The closest thing to a ‘goal’ we have is simple: “more papers, more samples, more code.” It is as simple as that.

DS: Are you financially motivated? How do you monetize your work? Is it lucrative?

VX: No, we are not financially motivated. vx-underground is fueled by passion and love for the ‘game.’ In 2021 vx-underground made $13,000 all from donations. Every time I tell people vx-underground does not make money I am always greeted with shock and surprise. It appears people are unable to comprehend someone would do something for passion rather than financial gain. This is disappointing.

More on this article “vx-underground” – building a hacker’s dream library

DS: One may say you are a threat actor group. Are you?

👇 Please Follow our LI page…


DISC InfoSec

#InfoSecTools and #InfoSectraining

#InfoSecLatestTitles

#InfoSecServices

Tags: Hacker library

Mar 28 2022

Shopping trap: The online stores’ scam that hits users worldwide

Category: Cyber crime,Cyber ThreatsDISC @ 8:45 am
Shopping trap: The online stores’ scam that hits users worldwideïżŒ

Shopping trap: Criminal gangs from China have been using copies of online stores of popular brands to target users all over the world

Malicious schemas linked to online stores are on the rise in 2022. Criminal gangs from China have been using copies of online stores of popular brands to target users all over the world and thereby trick victims. The targets of this massive campaign are online stores geolocated in different countries, including Portugal, France, Spain, Italy, Chile, Mexico, Columbia, among others. The campaign has been active since late 2020 but gained momentum in early 2022, with thousands of victims affected.

Shopping trap

Active domains behind the malicious online stores at the time of analysis (21-03-2022). The shopping platforms are available on servers geolocated in the USA, The Netherlands, and Turkey (ZoomEye).

As observed in Figure 1, 617 active shopping platforms were identified worldwide, 562 created in 2022. The servers are located in three countries: the USA, The Netherlands, and Turkey. However, other servers and online stores were also identified during the research. The complete list of IoCs with more than 1k malicious entries is provided at the end of the article.

The high-level diagram of this campaign is presented below, with a graphical representation of the different steps and actions carried out by criminals.

A new campaign typically starts with the authors setting up the malicious domain at the top of Google search through digital ads (Google ads) – as shown above referring to the Lefties clothing store disseminated in Portugal in 2022. After some days, users are hit as the malicious URL appears at the top of searches. In specific cases, social Ads were also found on Instagram and Facebook social media platforms.

The content of the malicious websites – clones of the official stores –  are based on a static Content Management System (CMS) and a PHP API that communicates with a MySQL cluster in the background. Some artifacts related to the static CMS can be found on a GitHub repository from criminals. In detail, criminals put some effort into developing a generic platform that could serve a mega operation at a large scale, where small tweaks of images and templates would allow the reuse of code for different online stores. Then, all the observed stores use the same code with different templates according to the target brand. As mentioned, the store is also equipped with an API that communicates with a MySQL database cluster where all the victims’ data is stored, including:

  • Name (first and last)
  • Complete address (street, zip-code, city, and country)
  • Mobile phone
  • Email
  • Password
  • Credit card information (number, date, and CVV); and
  • Details about the order and tracking code of the package.

As usual, this Personally Identifiable Information (PII) can be utilized later by criminals to leverage other kinds of campaigns. In order to prevent this type of scenario, we provide a tool that allows you to validate if victims’ information is now in the wrong hands.

Scam Me If You Can: Simple Strategies to Outsmart Today’s Rip-off Artists

Tags: Online scams, Scam Me If You Can

Feb 03 2022

Fake Cash Scams Thrive on Facebook and Insta—FTC

Category: Cyber crime,Cyber sanctions,CybercrimeDISC @ 10:01 am
Fake Cash Scams Thrive on Facebook and Insta—FTC

Cryptocurrency scammers love social media—especially Meta’s platforms. The Federal Trade Commission says hundreds of millions of dollars were scammed from U.S. consumers in 2021 (and that’s just the scams the FTC knows about).

And the problem’s growing incredibly fast—with no hint of a fix in sight. Meta claims to be “tackling” it, but we’ve probably all experienced scam reports to Facebook and Instagram being ignored or closed with no action. But why expect anything different? Meta makes money from all the scam ads and “engagement.”

Of course, some say all cryptocurrencies, NFTs and DeFi are scams. In today’s SB Blogwatch, we couldn’t possibly comment.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: Nothingverse.

Imaginary Money Enriches Zuckerberg

What’s the craic? Sarah Perez reports—“US consumers lost $770 million in social media scams in 2021, up 18x from 2017”:

“A large majority 
 involve cryptocurrency”
A growing number of U.S. consumers are getting scammed on social media. 
 That number has also increased 18 times 
 the FTC said, as new types of scams involving cryptocurrency and online shopping became more popular. This has also led to many younger consumers getting scammed.


Facebook and Instagram were where most of these social media scams took place. 
 More than half (54%) of the investment scams in 2021 began with social media platforms, where scammers would promote bogus investment opportunities or connect with people directly to encourage them to invest. 
 A large majority of the investment scams now involve cryptocurrency.

Why does it matter? Sara Fischer and Margaret Harding McGill tells us—“Crypto leads to massive surge in online scams”:

“Bogus investment sites”
Cryptocurrency is an easy target because while it’s surging in popularity, there’s still a lot of confusion about how it works. 
 One type of crypto scam reported to the agency involves someone bragging about their own success to drive people to bogus investment sites.


“We put significant resources towards tackling this kind of fraud and abuse,” said a spokesperson for 
 Meta. “We also go beyond suspending and deleting accounts, Pages, and ads. We take legal action against those responsible when we can and always encourage people to report this behavior when they see it.”

Horse’s mouth? Here’s the FTC’s Emma Fletcher—“Social media a gold mine for scammers”:

“Urgent need for money”
Social media is also increasingly where scammers go to con us. More than one in four people who reported losing money to fraud in 2021 said it started on social media with an ad, a post, or a message.


For scammers, there’s a lot to like about social media. It’s a low-cost way to reach billions of people. [It] is a tool for scammers in investment scams, particularly those involving bogus cryptocurrency investments — an area that has seen a massive surge. 
 People send money, often cryptocurrency, on promises of huge returns, but end up empty handed.


If you get a message from a friend about an opportunity or an urgent need for money, call them. Their account may have been hacked – especially if they ask you to pay by cryptocurrency, gift card, or wire transfer. 
 To learn more about how to spot, avoid, and report scams—and how to recover money if you’ve paid a scammer—visit ftc.gov/scams.

Who would fall for such scams? King_TJ hates to admit it:

“Facebook is complicit”
Hate to admit it, but I fell for one of these scams on Facebook myself. It was probably about a year ago. I ran across a “seller” in one of the ads that scrolled by on my feed. 
 There were plenty of comments posted ranging from other people interested in one, to claims they got one and liked it.


After a little while 
 the tracking info showed the package as delivered, but I never received anything at all. 
 When I started digging around more on Facebook after that, I realized the scammers 
 were actually running dozens of ads for various products, giving out web URLs that were almost identical except with one letter changed in their name. Reported the original ad 
 to Facebook, but 
 got no response.


That’s when it struck me that Facebook is complicit in all of this, in the sense they make a lot of ad revenue off of these scams. 
 It’s more profitable for them to turn a blind eye and simply take one down when a user complains about it specifically.

Facebook is complicit? Carrie Goldberg—@cagoldberglaw—puts it more bluntly:

Platforms love scams because user engagement is so high from all the accounts they create, posts, and messaging; not to mention the panicked use by victims.

Scam Me If You Can: Simple Strategies to Outsmart Today’s Rip-off Artists

Tags: Fake Cash Scams

Dec 20 2021

Pegasus: Google reveals how the sophisticated spyware hacked into iPhones without user’s knowledge

Category: Backdoor,Cyber crime,Cyber Espionage,Cyber Spy,Cyber surveillance,Cyberweapons,Hacking,Malware,SpywareDISC @ 11:33 am
  • Pegasus spyware was allegedly used by governments to spy upon prominent journalists, politicians and activists.
  • A Google blog has revealed how the sophisticated software was used to attack iPhone users.
  • The software used a vulnerability in iMessages to hack into iPhones without the user’s knowledge.

The Pegasus spyware, developed by Israel’s NSO group, made headlines for being used by governments and regimes across the world including India to spy on journalists, activists, opposition leaders, ministers, lawyers and others. The spyware is accused of hacking into the phones of at least 180 journalists around the world, of which 40 are notable Indian personalities.

Now, a Google blog from the Project Zero team called the attacks technically sophisticated exploits and assessed the software to have capabilities rivalling spywares previously thought to be accessible to only a handful of nations.

The company has also faced multiple lawsuits including one in India where the Supreme Court (SC) set up a three-member panel headed by former SC judge RV Raveendran to probe whether the software was used by the government to spy on journalists and other dissidents.

Apart from India, Apple has also sued the Israeli firm after having patched its security exploit. The company was also banned in the United States after the details of the spyware were revealed. Let’s take a look at how this advanced snooping technology discretely worked on iPhones.

How Pegasus hacked iPhones

According to the Project Zero blog, a sample of the ForcedEntry exploit was worked upon by the team and Apple’s Security Engineering and Architecture (SEAR) group. Pegasus attacks on iPhones were possible due to the ForcedEntry exploit.

Best iPhone in 2021: Which model is right for you? | ZDNet

Pegasus is a spyware (Trojan/Script) that can be installed remotely on devices running on Apple ‘ s iOS & Google ‘ s Android operating systems. It is developed and marketed by the Israeli technology firm NSO Group. NSO Group sells Pegasus to ” vetted governments ” for ” lawful interception ” , which is understood to mean combating terrorism and organized crime, as the firm claims, but suspicions exist that it is availed for other purposes. Pegasus is a modular malware that can initiate total surveillance on the targeted device, as per a report by digital security company Kaspersky. It installs the necessary modules to read the user’s messages and mail, listen to calls, send back the browser history and more, which basically means taking control of nearly all aspects of your digital life. It can even listen in to encrypted audio and text files on your device that makes all the data on your device up for grabs.

Tags: A Privacy Killer, hacked iphone, NSO Group, Pegasus spyware

Nov 17 2021

Combating cybercrime: Lessons from a CIO and Marine veteran

Category: Cyber crimeDISC @ 10:46 am
Combating cybercrime: Lessons from a CIO and Marine veteran

Combating cybercrime is exponentially more difficult than combating traditional criminal activities, as technologies and techniques make it very easy for cybercriminals to hide their true identities, locations, and allegiances. It’s a sobering situation, one that has resulted in extensive intellectual property theft, enormous financial losses, and the disruption of supply chains that deliver essential goods.

As a Marine veteran and CIO of a global software company, my approach to cybersecurity mirrors many of the principles I practiced in the military. Much like the corporate world, the Marines emphasized expertise, accountability, results, and leadership. With skilled teams, strong leaders, and tangible goals, it is much easier to deal with the daily uncertainty that is inherent in managing the cybersecurity of a large enterprise.

So, how does the United States better position itself to combat this growing threat? Through a more visible, coordinated, and concerted effort with measurable goals that involves the government, the private sector, educational institutions, and everyday citizens. Some of the highest priorities requiring action are below.

Combating cybercrime: Lessons from a CIO and Marine veteran

Cybercrime and Digital Forensics

Tags: Combating cybercrime, Cybercrime and Digital Forensics

Oct 22 2021

FIN7 cybercrime gang creates fake cybersecurity firm to recruit pentesters for ransomware attacks

Category: Cyber crime,Cybercrime,Pen Test,RansomwareDISC @ 9:08 am
FIN7 cybercrime gang creates fake cybersecurity firm to recruit pentesters for ransomware attacks

The FIN7 hacking group is attempting to enter in the ransomware business and is doing it with an interesting technique. The gang space creates fake cybersecurity companies that hire experts requesting them to carry out pen testing attacks under the guise of pentesting activities.

FIN7 is a Russian criminal group that has been active since mid-2015, it focuses on restaurants, gambling, and hospitality industries in the US to harvest financial information that was used in attacks or sold in cybercrime marketplaces.

One of the companies created by the cyber criminal organizations with this purpose is Combi Security, but researchers from Gemini Advisory discovered other similar organizations by analyzing the site of another fake cybersecurity company named Bastion Security.

The Bastion Secure website is hosted on the Russian domain registrar Beget, which is popular in the Russian cybercrime communities. Most of the submenus of the site return a Russian-language HTTP 404 error, a circumstance that suggests the site creators were Russian speakers. At the time of the report, some of the HTTP 404 errors remain unfixed.

The website is a clone of the website of Convergent Network Solutions Ltd, Bastion Secure’s ‘About’ page states that is a spinoff of the legitimate cybersecurity firm that anyway not linked to the criminal gang.

Pentest as a Service (PtaaS)

Tags: FIN7, pentester, ransomware attacks

Oct 03 2021

The Biden administration will work with 30 countries to curb global cybercrime

Category: Cyber crimeDISC @ 1:39 pm
The Biden administration will work with 30 countries to curb global cybercrime

U.S. President Joe Biden announced that the US will work with 30 countries to curb cybercrime and dismantle ransomware gangs that are targeting organizations worldwide.

“This month, the United States will bring together 30 countries to accelerate our cooperation in combatting cybercrime, improving law enforcement collaboration, stemming the illicit use of cryptocurrency, and engaging on these issues diplomatically,” announced President Biden.

The Biden Administration announced that it will work with representatives of 30 countries to accelerate the cooperation among states and international law enforcement agencies in fighting cyber criminal activities. Biden also announced a special effort in building a coalition of nations to advocate for and invest in trusted 5G technology and to secure its supply chains.

The coalition also aims at managing both the risks and opportunities associated with the adoption of emerging technologies like quantum computing and artificial intelligence.

The wave of ransomware attacks that hit US organizations in the first half of 2021 and that were carried out by Russian gangs like REvil and Darkside worried US authorities and was discussed by Presidents Biden and Putin during a phone call in July.

CYBERSECURITY AND INFRASTRUCTURE SECURITY AGENCY: Actions Needed to Ensure Organizational Changes Result in More Effective Cybersecurity for Our Nation

CYBERSECURITY AND INFRASTRUCTURE SECURITY AGENCY: Actions Needed to Ensure Organizational Changes Result in More Effective Cybersecurity for Our Nation by [United States Government Accountability Office]

Cybersecurity Awareness Month 2021 Toolkit: Key messaging, articles, social media, and more to promote Cybersecurity Awareness Month 2021 

Cybersecurity Awareness Month 2021 Toolkit: Key messaging, articles, social media, and more to promote Cybersecurity Awareness Month 2021 by [Cybersecurity and Infrastructure Security Agency]

Tags: Biden administration, Cybersecurity and Infrastructure Security Agency, Cybersecurity Awareness Month 2021 Toolkit, Cybersecurity for Our Nation

« Previous Page