malware

🚨 Fake download links on itch.io!

So for those who haven't stumbled across them, there's currently a wave of spam claiming to have an "updated version" of many free #NSFWGames that is some form of malware.

The delivery method is via url-shortened catbox.moe links which then instruct the user to paste in a random URL (typically a direct file download).

The resulting .zip contains ~450+ files with all kinds of extensions, including a few bogus ones, and a file named Launcher.exe which likely launches the malware.

Based on HybridAnalysis and VirusTotal's Sandbox, the Launcher.exe tries to inject a bunch of pre-launch options into msedge.exe as well as utilizing obfuscation techniques such as cryptographic encryption via OpenSSL key as well as calling its own memory addresses. It also calls another catbox.moe address.

AhnLabV3 identifies it as Win32.Generic. While there appears to be nothing outright malicious about the file, it is incredibly suspicious, and is likely a dropper for something else

#Itchio #InfoSec #Malware #Games #VideoGames #NSFWGames #FurryGames #Gaming

VexTrio's origins come from two distinct groups: an Italian group we can date back to 2004 and a Russian-speaking Eastern European group. The Italians were quite successful early on, with a dating app that was among the fastest growing on Facebook in 2012. But our guess is that their profits slid in the years that followed. In 2020, there is an merger-acquisition which leaves the Eastern Europeans in charge. They gain the trademarks, knowledge in spam distribution, and who knows what else.

While developers remain in eastern Europe, VexTrio created business headquarters in Lugano, Switzerland. Including the existing AdsPro, which developed the Los Pollos, Taco Loco, and Adtrafico traffic distribution systems (TDS) through their software company HolaCode. (ok it's more complicated than that, but this is the cliffsnotes version). We have identified nearly 100 businesses associated with 8 key figures in many industries, including construction, energy, and advertising.

So in the end, what is VexTrio? It's hard to say. We originally used it to refer to the TDS. Nice clean lines... but now, for us it is all the people and their labyrinth of companies.

We spoke at BlackHat last week so if you have a briefings pass you can listen to that. Otherwise, find our research online and start your own investigation.

#dns #threatintel #scam #cybercrime #vextrio #infoblox #cybersecurity #infosec #malware #tds

Além de frequentemente alertarmos que Workspace, assim como qualquer Serviço Substituto de Software (SaaSS) ou de software privativo — o que consideramos #malware — é uma cilada, , venho reiterar como as maiores empresas abusam de modus operandi frequente do phishing, o que prejudica a educação contra essa praga. É a denúncia/desabafo que publiquei em @daltux há um tempo, embora focado sobre correio eletrônico:

A dificuldade de educar usuários contra “phishing” causada pelas próprias instituições

Aliás, as pessoas ignorarem esses alertas é algo, infelizmente, até esperado, embora não deixe de ser frustrante. Penso ser análogo ao que acontece com as dicas de saúde de Dráusio Varella, por exemplo. A rejeição às recomendações sobre a "saúde" tecnológica parece até mais frequente, beirando o negacionismo...

via @randahl

https://mastodon.social/@randahl/115513890753953838

#segurança #phishing #rastreadores #SaaSS #email #BigTech

@board 请教各位大佬有没有知道Mozi和Mirai系Malware特性的知识 #Mozi #Mirai #Malware

Compromised? In this interview, https://www.muellershewrote.com/p/a-fork-in-the-road-is-federal-employee I speak to a systems security specialist who found privacy problems surrounding the HR@opm.gov email servers #IT #security #natsec #nationalsecurity #cybercrime #cybersecurity #hacking #surveillance #malware #email #DOGE #Musk #treasury #OPM #FAA #FEMA #education #privacy #PII

"- In March 2025, senior members of the World Uyghur Congress (WUC) living in exile were targeted with a spearphishing campaign aimed at delivering Windows-based malware capable of conducting remote surveillance against its targets.

- The malware was delivered through a trojanized version of a legitimate open source word processing and spell check tool developed to support the use of the Uyghur language. The tool was originally built by a developer known and trusted by the targeted community.

- Although the malware itself was not particularly advanced, the delivery of the malware was extremely well customized to reach the target population and technical artifacts show that activity related to this campaign began in at least May of 2024.

- The ruse employed by the attackers replicates a typical pattern: threat actors likely aligned with the Chinese government have repeatedly instrumentalized software and websites that aim to support marginalized and repressed cultures to digitally target these same communities.

- This campaign shows the ongoing threats of digital transnational repression facing the Uyghur diaspora. Digital transnational repression arises when governments use digital technologies to surveil, intimidate, and silence exiled and diaspora communities."

https://citizenlab.ca/2025/04/uyghur-language-software-hijacked-to-deliver-malware/

#CyberSecurity #Malware #Spearphishing #China #Uyghurs #Xinjiang #Surveillance

The Russians aren't coming, they are already here. Without most anyone realizing, they've created an entire malicious adtech industry whose story is just as complex as the Chinese organized crime we're now realizing from their ventures into pig butchering.

VexTrio is just one Russian organized crime group in the malicious adtech world, but they are a critical one. They have a very "special" relationship with website hackers that defies logic. I'd put my money on a contractual one. all your bases belong to russian adtech hackers.

Today we've released the first piece of research that may eventually prove whether I am right. This paper is hard. i've been told. I know. We've condensed thousands of hours of research into about 30 pages. @briankrebs tried to make the main points a lot more consumable -- and wrote a fabulous complimentary article : read both!

There's so much more to say... but at the same time, between ourselves and Brian, we've released a lot of lead material ... and there's more to come. I've emphasized the Russian (technically Eastern European) crime here, but as Brian's article points out there is a whole Italian side too. and more.

We've given SURBL, Spamhaus, Cloudflare, Domain Tools, several registrars, and many security companies over 100k domains. They are also posted on our open github.

Super thanks to our collaborators at Qurium, GoDaddy Sucuri Security, and elsewhere.

#threatintel #scam #tds #vextrio #cybercrime #cybersecurity #infosec #dns #infoblox #InfobloxThreatIntel #malware #phishing #spam

https://blogs.infoblox.com/threat-intelligence/vexing-and-vicious-the-eerie-relationship-between-wordpress-hackers-and-an-adtech-cabal/

https://krebsonsecurity.com/2025/06/inside-a-dark-adtech-empire-fed-by-fake-captchas/

I just posted this in a github issue for wyng_backup...

👉 I don't care about the pretense, pretexts or excuses they use for their window dressing; A spyware vendor is a spyware vendor, and a despot is a despot. Microsoft betrays users' trust at an immense scale.

Therefore I would like to leave this MS-owned site for someplace more ethical. The first alternative that comes to mind is CodeBerg; it serves projects more demanding than mine so I think it will be fine. Suggestions for other sites are welcome!
#microsoft #spyware #malware #wyng #github #codeberg

https://github.com/tasket/wyng-backup/issues/250

REMINDER:
everything created by #techbros should be treated as #malware. i would treat the so-called open source version of the not-so Open AI as a classic trojan, wooden horse and otherwise :
https://arstechnica.com/ai/2025/08/openai-releases-its-first-open-source-models-since-2019/