In the past weeks I interviewed the staff from the major infostealers projects, a total of 7: Lumma,Raccoon,Meduza,Vidar,Amadey,StealC,Meta. Below you will find a short summary of this series that ends today, and also the ones who refused to talk. 👀👇.

StealC V2 issued an update recently:. Featuring enhanced app-bound decryption of browser password and cookies, and a panel Rest API for clients. Changelog 👇👇

He replied back🤷‍♂️:. @saiyangod0x says: Why malware? Is your purpose to create or destroy?. Everyone has their own standards of morality, my belief is that without destroying something, something new will not be built. @vxdb says: How did you get into malware development?.

Just been across interesting signed MSI files creating persistence via VMI and hiding a C2 server on a Ethereum Smart Contract (sending botnet information), also installing Anydesk for Remote Access. Detonation: Stages: .(Photo 1) MSI file drops Anydesk

Read about "Meowsterio" - The comeback of an OG traffer's group and it's own malware campaign targeting crypto users worldwide. Featuring the use of ClickOnce applications to bypass Windows SmartScreen without using EV certificates ⚙️. Read now 👇👇:.

RT @NexusFuzzy: I found a what I think novel approach which allowed me to list some of the content of #Lumma #Infostealer Command & Control….

An Spanish 🇪🇸 individual and MacOS user just lost over $62k in cryptocurrencies after being targeted by traffer scammers making them downloading an AMOS build from an already flagged fake project @VidoriumApp in a timestamp of ~2 hours. Sample from site available here:

RT @fofabot: Exciting news!🥳🥳.We've launched FOFA AI beta ver, an automatical attack surface discovery platform powered by AI Agents. If i….

The infamous CC and access market "BidenCash" apparently had its domain seized by Law Enforcement in the past hours, the store is allegedly down. Clearnet domain "/bidencash.asia" and onion (which now redirects to "/bidencash.usssdomainseizure.com") displays a seizure banner.

Some active malware coder has accepted to do a "Questions & Answers" for the infosec community. He has been active for some years, serving and developing malware to individuals and on traffer teams. What you will ask him? Share it in the comments!📣📝.Soon in a blog.

Read about an ongoing malware campaign delivering "PayDay Loader" to Windows users and Poseidon Stealer to MacOS individuals on fake AI and software websites. A bit of malware analysis and threat hunting, thanks to @anyrun_app @urlscanio. 🤠👇👇.

Message from the administrator of Lumma Stealer on the forums about the recent events🕊️👀

Apparent new message from LE about the Lumma Stealer situation 👇👇

ping @ViriBack more #Lumma Stealer 🕊️. /fedor-dostoevskiy.com/login

After the announcement of seizure of some of the Lumma Stealer panel domains, new ones were opened shortly in the following hours. Please remember that the whole activity has not ceased👀. /yuriy-andropov.com @ViriBack

Let's have a look on the HTML content of one the seized Lumma panels before the seizure (/tsoi-zhiv.com). 👉May 15th (normal).👉May 20th (changed). As we can see, the DOM content was modified to add this script. Someone messing

Lumma customers claim to have received this message on Telegram, apparently on Lumma customers group