vx-underground
> "hey smelly i ran this game, is it malware?" > doubt_it.png > bored > look inside > game > look inside > electron app > look inside > weird .png embedded inside > look inside > electron app inside png > wtf > look inside > .zip inside png inside of electron…
What the actual fuck is your problem? Why do you people keep finding weird ass obfuscated Electron.JS malware?
vx-underground
> "hey smelly i ran this game, is it malware?" > doubt_it.png > bored > look inside > game > look inside > electron app > look inside > weird .png embedded inside > look inside > electron app inside png > wtf > look inside > .zip inside png inside of electron…
holy shit this guy is a genius
vx-underground
> "hey smelly i ran this game, is it malware?" > doubt_it.png > bored > look inside > game > look inside > electron app > look inside > weird .png embedded inside > look inside > electron app inside png > wtf > look inside > .zip inside png inside of electron…
"when i ran it smelly, windows deleted the malicious jar file"
THE MALICIOUS JAR FILE?! WHERE THE FUCK IS THE JAR FILE
> jar inside .js inside .zip inside .png inside .asar inside .exe
vx-underground
Starting March, 2026, Discord will require a facial scan or copy of your government issued ID to use 'adult features' on Discord such as participating in stages or viewing Discords and/or channels marked as 18+
The Verge
Discord will require a face scan or ID for full access next month
Age verification for all.
tl;dr SmartLoader malware campaign, multi-staged obfuscated Lua payload to evade detection, currently very effective. Interesting malware find.
Some nerd named bleuonbase was looking for some random "Effect-native SDK" (whatever that is), the 2nd indexed URL on Google was a spoopy looking GitHub repo.
He showed it to me. I was bored (I'm very sick), so I poked it with a stick. To make a long story short, this looks like a new malware campaign from SmartLoader
The thing is an obfuscated Lua Loader and it comes packaged with the traditional Lua dependency junk (Lua JIT and DLL). The payload launches from a .cmd which just passes a .txt to the Lua JIT binary. This is all standard stuff for SmartLoader from early and mid 2025.
If you're curious, look up the SHA256 for the obfuscated Lua script on VirusTotal: c36ce9080f624c14dd4e1d451228293f786168f4de2d35690d2cffb6cccbae87 (Image 1)
You'll see some of the other things it's trying to masquerade as. This is all very silly shenanigans.
It's currently exfiltrating to some German IP address and inserting fake Cloudflare headers to make it look like it's Cloudflare: 213.176.73.145
Look up that IP address on VirusTotal and you'll see even more silly shenanigans (Image 2)
Oh, and uses Socket3.lua for stuff, I've uploaded that to VirusTotal and Triage. Was not seen on VT before: f2e4088ebf9d98bcc7cccff153a26a786927ae8de570889af160e695b35d1624
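The launch chain described in the post above (a .cmd that passes a .txt to the LuaJIT binary) can be matched in process-creation telemetry. The following is an added example, not part of the original post: the event field names follow Sysmon Event ID 1, and every path and file name in the sample events is constructed for illustration.

```python
import ntpath
import re

EXPECTED_LUA_EXTS = (".lua", ".luac")   # what a Lua interpreter is normally handed
BATCH_EXTS = (".cmd", ".bat")
TOKEN = re.compile(r'"([^"]+)"|(\S+)')

def split_cmdline(cmdline):
    """Split a Windows command line into tokens, honouring double quotes."""
    return [quoted or bare for quoted, bare in TOKEN.findall(cmdline)]

def is_lua_interpreter(image):
    name = ntpath.basename(image).lower()
    return name.endswith(".exe") and "lua" in name

def odd_script_args(cmdline):
    """File-like arguments whose extension is not a Lua one (e.g. a .txt)."""
    args = split_cmdline(cmdline)[1:]            # drop the interpreter itself
    return [a for a in args
            if not a.startswith("-")
            and ntpath.splitext(a)[1].lower() not in ("",) + EXPECTED_LUA_EXTS]

def launched_from_batch(event):
    parent = ntpath.basename(event["ParentImage"]).lower()
    tokens = split_cmdline(event["ParentCommandLine"])
    return parent == "cmd.exe" and any(t.lower().endswith(BATCH_EXTS) for t in tokens)

def detect(events):
    hits = []
    for ev in events:   # flag: Lua binary + batch-file parent + non-Lua script argument
        odd = odd_script_args(ev["CommandLine"])
        if is_lua_interpreter(ev["Image"]) and launched_from_batch(ev) and odd:
            hits.append((ev["Image"], odd))
    return hits

# Constructed sample events; every path and file name here is made up.
SAMPLE_EVENTS = [
    {"Image": r"C:\Users\u\Downloads\sdk\luajit.exe",
     "CommandLine": r"luajit.exe data.txt",
     "ParentImage": r"C:\Windows\System32\cmd.exe",
     "ParentCommandLine": r'cmd.exe /c "C:\Users\u\Downloads\sdk\launch.cmd"'},
    {"Image": r"C:\tools\lua\luajit.exe",
     "CommandLine": r"luajit.exe build.lua",
     "ParentImage": r"C:\Windows\System32\cmd.exe",
     "ParentCommandLine": r"cmd.exe /c build.bat"},
]

if __name__ == "__main__":
    print(detect(SAMPLE_EVENTS))
```

The match is on file names only, so a renamed interpreter would need a check on the binary's original file name or hash instead.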
vx-underground
tl;dr SmartLoader malware campaign, multi-staged obfuscated Lua payload to evade detection, currently very effective. Interesting malware find. Some nerd named bleuonbase was looking for some random "Effect-native SDK" (whatever that is), the 2nd indexed…
This all lines up with what SmartLoader did in August.
tl;dr haven't changed shit
https://asec.ahnlab.com/en/89551/
ASEC
Distribution of SmartLoader Malware via Github Repository Disguised as a Legitimate Project - ASEC
For those curious regarding Epstein files redactions and general information: based on Mr. Massie's visit to the United States Department of Justice today, and his "hint" of this being from "A Sultan", this implicates Sultan Ahmed bin Sulayem.
Around April, 2009, footage was leaked of Issa bin Zayed Al Nahyan a/k/a "Isa", son of Zayed bin Sultan Al Nahyan, beating an Afghanistan merchant. In the video, Isa does the following:
- Hog ties him
- Beats the man with a wooden plank, with nails protruding
- Fires an automatic weapon around the man
- Forces a cattle prod into the man's anus
- Places the cattle prod onto the man
- Runs the man over with a Mercedes SUV
- Ignites the man's genitals with lighter fluid
- Pours salt on the wounds
All of this was performed while Abu Dhabi police were present (seen in the video).
Issa bin Zayed Al Nahyan was found not guilty in court. The Judge presiding over the case did not explain why Isa was exonerated on all charges.
This appears to be the video Epstein "loved".
vx-underground
For those curious regarding Epstein files redactions and general information: based on Mr. Massie's visit to the United States Department of Justice today, and his "hint" of this being from "A Sultan", this implicates Sultan Ahmed bin Sulayem. Around April…
vx-underground
Discord is only popular because it's convenient. It's shrimple to use, shrimple to install, and requires almost no critical thought to configure. The masses do not care about security, or privacy, or whatever. They want easy. tl;dr discord normiemogged…
Discord knows everyone will bitch and moan on the internet, SOBBMAXXING, but 99.9% of people will hand over their identification. They'll be scared, or reluctant, but they'll do it anyway so they can keep their yellow badge in their Harry Potter Fan Fiction Roleplay Discord
B-B-B-B-B---BUT VX-UNDERGROUND, DISCORD HAD A COMPROMI---- IT WAS HAACK----
And you're all still using the platform and continue paying $9.99/month for Nitro (you need to boost your favorite video game streamer's server, you get extra perks, they might acknowledge your existence).
I idle in tons of Discords that nerds invite me into. I see you dorks with your flashy backgrounds and goofy ass names with all the different colors and shit.
No, it doesn't make you look cool or 1337. We know you whipped out ol' faithful (your Credit Card) and dropped $19.99 on the flash animation, $8.99 for the pop-ups, and an additional $14.99 for that cool Overwatch sticker.
We all know you're not going to use TeamSpeak, or Matrix, or Telegram, or whatever else. You're going to say "ooga booga this bad", but then do it anyway.
vx-underground
B-B-B-B-B---BUT VX-UNDERGROUND, DISCORD HAD A COMPROMI---- IT WAS HAACK---- And you're all still using the platform and continue paying $9.99/month for Nitro (you need to boost your favorite video game streamers server, you get extra perks, they might acknowledge…
ok sorry if i sound extra critical, it's just weve had this conversation before with other things in the past and nothing really changes, so now i need to be mean.
ily ok? im just grumpy and eepy.
Dear Tiny People Living Inside My Computer,
As many of you probably recall, somewhere between 2021 and 2023, it was critical "monkey bonk" was utilized to deter bad actors.
Times have changed. We no longer live in peace. The monkey bonk is back.
The new AI powered Notepad on Windows 11 was found having a Remote Code Execution 0day
Hot take: text editors don't need network functionality
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
vx-underground
The new AI powered Notepad on Windows 11 was found having a Remote Code Execution 0day Hot take: text editors don't need network functionality https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
X (formerly Twitter)
chen (@chen9918b) on X
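Reminder: use the AI code analysis feature of AI editors with caution. It will trigger RCE. This has already been reported to the relevant vendor. Following the 90-day principle, it will be disclosed as appropriate.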
#BugBounty
Hello,
More updates being pushed to prod tomorrow. Also have some mildly interesting news to share related to something we sometimes do.
Additionally, my son will be turning 1 years old soon. Feel old yet?
Cheers,
-smelly smellington
vx-underground
Hello, More updates being pushed to prod tomorrow. Also have some mildly interesting news to share related to something we sometimes do. Additionally, my son will be turning 1 years old soon. Feel old yet? Cheers, -smelly smellington
In retrospect, the first three months of my son's life were like the dark ages. All I did was watch anime in complete silence, praying to any God that would answer my prayers, that my wife and I could sleep for just a few hours.
Nonstop anime for 90 days, per the recommendation of my peers and colleagues, was bad. I haven't watched anime ever since. I feel like I was trapped in some kind of CIA MK Ultra experiment. My brain is fried. I have this urge to move to a remote cabin and ... enjoy nature.