cyber attack – Page 16 – Scriptingthewhy.com

Theft Among JavaScript

Consider following on social media!

Quick note: if you’re viewing this via email, come to the site for better viewing. Enjoy!

I think I can take a break from hacking to look at some cat videos. That’s not weird.
Photo by Pavel Danilyuk, please support by following @pexel.com

The internet is a wide and, in some cases, unknown territory for many people to be on. Most of us simply surf the internet without a second thought as to how it works and let’s be honest some of us don’t really care to know how it does what it does.

We just want our cat videos and to be able to find that video where Gam Gam accidentally set her hair ablaze trying to blow out a candle. No matter what your reason for surfing online, you have to be aware that while surfing, many things lurk underneath or within.

Depending on who you ask. Small nerd fact, the web pages you view, including this one, have three main components. HTML (Hyper Text Markup Language) is what gives the page its layout that you see, the CSS (Cascading Style Sheets) gives the page its “pretty colors” and some effects, and finally, JS (JavaScript) gives the page the functionality to do certain things.

Within JS comes other languages like Node.js however, with more languages comes more problems. We’re going to be going over what the attack is, who is using it, the effects upon release, and what are some ways you can stay safe on your current webpage.

Fun fact: this may seem harmless, but never under any circumstances leave your computer unattended.
Photo by Flo Dahm, please support by following @pexel.com

The Attack

Now you may be wondering why Node.js is being put under the microscope and not JS, and we have your answer. We’re looking at all of them because each one plays a part in a threat actor’s plan.

It all starts with Node.js and NodeStealer, NodeStealer is a malware that is written in JS language and is executed in Node.js. Told you that we were going to be looking at all of them.

You can think of this as that Russian doll thing that houses another smaller version of the bigger one. Just know, your problems are coming from within.

Yup, there are too many breaches, and only one of me. Yup, I’m going to let this company tank.
Photo by olia danilevich, please support by following @pexel.com

Who Can It Be Now

Are you wondering as to who has been using this nasty little trick? Well, so are we. This malware has been out for some time, and no one has made a name for using it.

This just goes to show there are too many threat actors out in the world to keep track. In most cases, threat actors never get caught because there are too many and attacks from the same one are so infrequent.

With infrequent attacks, comes fewer chances of finding the malicious actors.

Enjoy the read so far? Why don’t you consider subscribing so you can keep up to date?

I’m not worried about no NodeStealer, I have 100% security here buddy.
Photo by Andrea Piacquadio, please support by following @pexel.com

That Sinking Feeling

Are you worried about how something like this could creep its way onto your computer? Don’t worry, Z-Daddy has you on that one. NodeStealer can be distributed by various means.

This could include but is not limited to phishing emails, malvertising, and bundling NodeStealer with software that is legitimate. Once NodeStealer is in, it disguises itself as a harmless document. This would be something like a PDF file which would have an appropriate icon and filename.

This is done with the intent to trick the victim into interacting with it. Once that happens the malware can execute and stay on the machine by establishing a persistence. This means even if you turn off your machine and boot it back up, the malware is still there.

The main objective is to obtain your collection of stored passwords, session information, and other possibly useful information. A thing to note is that it was designed to go after certain web browsers such as Chrome, Opera, Microsoft Edge, and Brave. Before you think about it, no, this is not the movie “Brave.” Brave’s icon is a lion, not a little girl trying to break free from her father’s shadow.

Update our systems? Why would we do that? These babies work just fine.
Photo by Pixabay, please support by following @pexel.com

The Prevention

You’re interested in protecting yourself from this malware, you say. Good, there are some useful tips, however, keep in mind that there is no such thing as 100% protection. Even hand sanitizer says 99.9%, and that covers both hands.

Some basic security measures like being mindful of who sent you an email with links or attachments that were unwarranted. Keeping your operating system up to date and anti-virus software is a must as patches are released to close vulnerabilities.

On a small scale, this can be easily done, but on a larger scale such as with a company with 1,000 employees, this form of protection is easier said than done. This is due to going through the motions which end up with a lot of complacent workers.

It has been said that having one complacent employee is enough to compromise your whole system, a few more, and that could sink your whole company.

I have one more email to go. Oh, my computer is locked. Ransomware? Yeah, today is my last day at this company.
Photo by Jopwell, please support by following @pexel.com

Made it this far and found this to be entertaining? Then a big thanks to you and please show your support by cracking a like, sharing this with whomever, scripting a comment, or plug-in to follow.

Would like to give sincere thanks to current followers and subscribers, your support and actions mean a lot and has a play in the creation of each script.

Do you feel like there is something I may have missed on NodeStealer? Script a comment below.

AI, Programming, Tech

Master Python and JavaScript for Lucrative Web Development and AI Careers

Key Takeaways

Python and JavaScript are golden keys for coding careers in 2024: They are versatile, in high demand, and beginner-friendly.
Python is praised for:
- Readability and ease of learning.
- Wide applications (web dev, data science, machine learning).
- Powerful libraries (NumPy, TensorFlow).
JavaScript is essential for:
- Web development (runs on client and server sides with Node.js).
- Creating dynamic web interfaces with frameworks like React and Angular.
Free learning resources: FreeCodeCamp, Programiz, Codecademy, Educative.
Go beyond courses: Practice with projects, hackathons, and open-source contributions.
High demand for skilled developers: Opportunities in web dev, data science, AI, and more.
Specialization: Python for data science/ML, JavaScript for front-end development.

Learning to program could be easier than you think.
Photo by Lukas, please support by following @pexel.com

Bulk Learning

The digital age is ever-evolving, and the landscape of programming languages keeps shifting. But in 2024, two languages stand out as the golden keys to a successful coding career: Python and JavaScript. Their versatility, high demand, and beginner-friendliness make them prime choices.

Python: The Swiss Army Knife

Python reigns supreme for its simplicity and readability. New programmers can grasp core concepts easily thanks to its intuitive syntax, avoiding the hurdle of complex language rules. But Python’s power extends far beyond ease of learning.

This versatile tool tackles everything from web development with frameworks like Django and Flask to the exciting realms of artificial intelligence with libraries like NumPy and TensorFlow. Python empowers you for data analysis, machine learning, and even back-end development.

Ready to unlock the potential of Python? Free resources abound! FreeCodeCamp and Programiz offer comprehensive courses catering to all levels. These platforms provide interactive lessons, practical projects, and even certifications – all at no cost.

Python your way to a better day.
Photo by Christina Morillo, please support by following @pexel.com

JavaScript: The Web Maestro

JavaScript is the lifeblood of the web. It’s nearly impossible to find a modern website that doesn’t rely on it in some way. Mastering JavaScript makes you a valuable asset in the developer world.

But JavaScript’s magic extends beyond the browser. Thanks to platforms like Node.js, it can now run on both the client and server sides, revolutionizing web development. Frameworks like React and Angular empower you to create dynamic and user-friendly web interfaces.

Platforms like Codecademy and Educative offer a treasure trove of free JavaScript courses tailored to various learning styles and levels. Their interactive coding environments and supportive communities make learning accessible and engaging.

Beyond the Course: Your Coding Journey Begins

While Python and JavaScript offer a strong foundation, learning extends beyond courses. The key to mastery lies in practice. Consider building independent projects to solidify your skills. Participating in hackathons or contributing to open-source projects are fantastic ways to gain experience and build your developer portfolio.

Learn solo or learn with others.
Photo by Christina Morillo, please support by following @pexel.com

Career Opportunities Await

The demand for skilled Python and JavaScript developers is booming. These languages open doors to exciting and well-paying careers in web development, data science, artificial intelligence, and more.

Specialization or Versatility?

While both languages are versatile, Python might be your go-to choice for data science or machine learning due to its powerful libraries. JavaScript shines in front-end development, creating dynamic user interfaces.

Conclusion

Python and JavaScript are the golden keys to unlocking a successful coding journey in 2024. With their ease of learning, vast applications, and promising career paths, there’s no better time to dive in. Embrace the challenge, explore these languages, and you might just find yourself at the forefront of the next digital revolution.

Love learning tech? Join our community of passionate minds! Share your knowledge, ask questions, and grow together. Like, comment, and subscribe to fuel the movement!

Don’t forget to share.

Every Second Counts. Help our website grow and reach more people in need. Donate today to make a difference!

Make a one-time donation

Make a monthly donation

Make a yearly donation

Choose an amount

$5.00

$15.00

$100.00

$5.00

$15.00

$100.00

$5.00

$15.00

$100.00

Or enter a custom amount

Your contribution is appreciated.

Donate Donate monthly Donate yearly

Programming, Security, Tech

OnlyFans & Simping Disabled

Consider following on social media!

Quick note: if you’re viewing this via email, come to the site for better viewing. Enjoy!

Tara: You subscribed to her OnlyFans but you didn’t sub to Scriptingthewhy.
Eddie: I didn’t think that was going to put a virus on our computer.
Tara: You would’ve known that if you kept reading!
Photo by Alex Green, please support by following @pexel.com

It seems like the fun days of simping may be coming to a halt…well, at least for the moment. To touch base quickly, simping wasn’t good in the first place but now it’s gaining some additional problems.

As of late threat actors have found new and saucy ways to make the lonely men and women but mainly men of the internet pay for something more than just adult content.

We are going to look at what kind of attack threat actors are using, who has been using it, the functionality and effects upon its release, and some ways you can prevent this from being your final simping moment.

When is she going to be back online? I need to see her pureness.
Photo by cottonbro studio, please support by following @pexel.com

The Attack

For all who are curious about the term “simping” or “simp” here is a brief overview to bring you to the cool kid’s club. A “simp” is someone who bends and folds to the will of someone they admire heavily. This is the toxic version of falling head over heels for someone.

The art of “simping” is giving your every waking moment to be around or interacting with that person. There’s nothing wrong if the feeling is mutual, however, in most if not all cases, the person the individual is simping for has no idea as to who they are. A real, don’t talk to me because I’m saving myself for my crush who doesn’t even know I exist situation.

The attack that fits this situation perfectly is called a Root Access Trojan or what’s more likely known as a RAT. And before you ask, yeah, your data and credentials are the cheese in this situation.

That’s right, click here for free nudes. The lonely make great cash cows.
Photo by Karolina Grabowska, please support by following @pexel.com

Who Can It Be Now

No groups or individuals have been named at this point, but it has been made known that threat actors are taking the hot, bothered, and lonely for a ride with the lure of having a good time on OnlyFans.

If you have been living on the right side of the internet and are unfamiliar, then we’ll give a small overview of what OnlyFans is. OnlyFans is an adult website where you pay for a subscription to adult content from your favorite content creator. A campaign has been launched involving the RAT called “DcRAT”.

Enjoy the read so far? Why don’t you consider subscribing so you can keep up to date?

Ben: The attack began here.
Tom: I heard you started an OnlyFans.
Ben: Uh…I did but I only post feet pics.
Tom: I subscribed already.
Ben: WAIT, WHAT!?
Photo by MART PRODUCTION, please support by following @pexel.com

The Sinking Feeling

However, this isn’t OnlyFans first rodeo when it comes to threat actors and their malicious means. Back in January of 2023, attackers had created a redirection link to a fake OnlyFans website.

In this new campaign, ZIP files containing a VBScript (this is the scripting language for Microsoft) loader to trick victims into running the executable program manually, this loader has been distributed offering the promise of accessing the premium adult content of OnlyFans.

The source of the infection is unknown, but ideas have suggested that it has made its rounds via malicious forums postings, malvertising via instant messages, and even black hat SEO (Search Engine Optimization)—this is the art of giving fake information to mislead the search engine and users to rank higher in search results.

The VBScript loader is slightly modified from its previous version found back in 2021’s campaign discovered by Splunk. In this version, the malware checks the architecture of the OS (Operating System) using a snapshot and spawns the 32-bit process required for the following steps.

It extracts the embedded DLL ((Dynamic Link Library)—this is a collection of small programs that larger programs can load when needed to complete a particular task) and registers the file with the Regsvr32.exe (this is the utility for the command line to register and unregister Object Linking and Embedding or OLE controls) command. This then grants the malware access to the DynamicWrapperX which is a tool that enables the calling functions from the Window’s API (Application Programming Interface) or to other files.

A payload named ‘BinaryData,’ is then loaded onto the memory and inserted into the ‘RegAsm.exe’ (this adds entries to the registry on the local computer) process, which is a legitimate part of the .NET Framework. This more likely allows the malware to bypass anti-virus tools.

Once embedded can perform keylogging, webcam monitoring, file manipulation, remote access, steal credentials, and cookies from the browser, or intercept tokens for Discord. It also has the function to target all files not a part of the system and appends its filename extension onto the encrypted files.

In a nutshell, once it’s in, it’s recording every move you make and no file on your computer is safe.

For most people this is the most effective tactic.
Photo by ALTEREDSNAPS, please support by following @pexel.com

The Prevention

Like the rest of us here, Z-Daddy is betting that you want to keep yourself and everything on your computer safe, there are some ways to help with that.

One way and this is the only way that security is a hundred percent guaranteed, is to stay on the right side of the internet and away from adult material. However, this is not a solution for most people, so another way is to practice extreme caution when downloading any files from third parties and unknown sources onto your computer.

This principle carries over to those situations where you’re being offered exclusive access to a good time at the low, low cost of nothing. Frequently saving your information on either a USB flash drive or external drive or other device that you could insert and detach from your computer could help as this will have your information saved in multiple locations versus being saved only on your machine.

Saving multiple copies of your information helps because if it’s found that one copy is infected, a scan can be done for the other backups and if they’re still good you could start from the last save point. To some, this may seem a bit of work but as professional simps will tell you; “Simping ain’t easy.”

This is Erica. Click here to see all of her nude photos and videos.
Photo by Bruno Henrike, please support by following @pexel.com

Made it this far and found this to be entertaining? Then a big thanks to you and please show your support by cracking a like, sharing this with whomever, scripting a comment, or plug-in to follow.

Would like to give sincere thanks to current followers and subscribers, your support and actions mean a lot and has a play in the creation of each script.

Do you feel like there is something I may have missed on DcRAT? Script a comment below.