Tag: malware

Programming, Security, Tech

OnlyFans & Simping Disabled

Consider following on social media!

Quick note: if you’re viewing this via email, come to the site for better viewing. Enjoy!

Tara: You subscribed to her OnlyFans but you didn’t sub to Scriptingthewhy.
Eddie: I didn’t think that was going to put a virus on our computer.
Tara: You would’ve known that if you kept reading!
Photo by Alex Green, please support by following @pexel.com

It seems like the fun days of simping may be coming to a halt…well, at least for the moment. To touch base quickly, simping wasn’t good in the first place but now it’s gaining some additional problems.

As of late threat actors have found new and saucy ways to make the lonely men and women but mainly men of the internet pay for something more than just adult content.

We are going to look at what kind of attack threat actors are using, who has been using it, the functionality and effects upon its release, and some ways you can prevent this from being your final simping moment.

When is she going to be back online? I need to see her pureness.
Photo by cottonbro studio, please support by following @pexel.com

The Attack

For all who are curious about the term “simping” or “simp” here is a brief overview to bring you to the cool kid’s club. A “simp” is someone who bends and folds to the will of someone they admire heavily. This is the toxic version of falling head over heels for someone.

The art of “simping” is giving your every waking moment to be around or interacting with that person. There’s nothing wrong if the feeling is mutual, however, in most if not all cases, the person the individual is simping for has no idea as to who they are. A real, don’t talk to me because I’m saving myself for my crush who doesn’t even know I exist situation.

The attack that fits this situation perfectly is called a Root Access Trojan or what’s more likely known as a RAT. And before you ask, yeah, your data and credentials are the cheese in this situation.

That’s right, click here for free nudes. The lonely make great cash cows.
Photo by Karolina Grabowska, please support by following @pexel.com

Who Can It Be Now

No groups or individuals have been named at this point, but it has been made known that threat actors are taking the hot, bothered, and lonely for a ride with the lure of having a good time on OnlyFans.

If you have been living on the right side of the internet and are unfamiliar, then we’ll give a small overview of what OnlyFans is. OnlyFans is an adult website where you pay for a subscription to adult content from your favorite content creator. A campaign has been launched involving the RAT called “DcRAT”.

Enjoy the read so far? Why don’t you consider subscribing so you can keep up to date?

Ben: The attack began here.
Tom: I heard you started an OnlyFans.
Ben: Uh…I did but I only post feet pics.
Tom: I subscribed already.
Ben: WAIT, WHAT!?
Photo by MART PRODUCTION, please support by following @pexel.com

The Sinking Feeling

However, this isn’t OnlyFans first rodeo when it comes to threat actors and their malicious means. Back in January of 2023, attackers had created a redirection link to a fake OnlyFans website.

In this new campaign, ZIP files containing a VBScript (this is the scripting language for Microsoft) loader to trick victims into running the executable program manually, this loader has been distributed offering the promise of accessing the premium adult content of OnlyFans.

The source of the infection is unknown, but ideas have suggested that it has made its rounds via malicious forums postings, malvertising via instant messages, and even black hat SEO (Search Engine Optimization)—this is the art of giving fake information to mislead the search engine and users to rank higher in search results.

The VBScript loader is slightly modified from its previous version found back in 2021’s campaign discovered by Splunk. In this version, the malware checks the architecture of the OS (Operating System) using a snapshot and spawns the 32-bit process required for the following steps. 

It extracts the embedded DLL ((Dynamic Link Library)—this is a collection of small programs that larger programs can load when needed to complete a particular task) and registers the file with the Regsvr32.exe (this is the utility for the command line to register and unregister Object Linking and Embedding or OLE controls) command. This then grants the malware access to the DynamicWrapperX which is a tool that enables the calling functions from the Window’s API (Application Programming Interface) or to other files.

A payload named ‘BinaryData,’ is then loaded onto the memory and inserted into the ‘RegAsm.exe’ (this adds entries to the registry on the local computer) process, which is a legitimate part of the .NET Framework. This more likely allows the malware to bypass anti-virus tools.

Once embedded can perform keylogging, webcam monitoring, file manipulation, remote access, steal credentials, and cookies from the browser, or intercept tokens for Discord. It also has the function to target all files not a part of the system and appends its filename extension onto the encrypted files.

In a nutshell, once it’s in, it’s recording every move you make and no file on your computer is safe.  

For most people this is the most effective tactic.
Photo by ALTEREDSNAPS, please support by following @pexel.com

The Prevention

Like the rest of us here, Z-Daddy is betting that you want to keep yourself and everything on your computer safe, there are some ways to help with that.

One way and this is the only way that security is a hundred percent guaranteed, is to stay on the right side of the internet and away from adult material. However, this is not a solution for most people, so another way is to practice extreme caution when downloading any files from third parties and unknown sources onto your computer.

This principle carries over to those situations where you’re being offered exclusive access to a good time at the low, low cost of nothing. Frequently saving your information on either a USB flash drive or external drive or other device that you could insert and detach from your computer could help as this will have your information saved in multiple locations versus being saved only on your machine.

Saving multiple copies of your information helps because if it’s found that one copy is infected, a scan can be done for the other backups and if they’re still good you could start from the last save point. To some, this may seem a bit of work but as professional simps will tell you; “Simping ain’t easy.”

This is Erica. Click here to see all of her nude photos and videos.
Photo by Bruno Henrike, please support by following @pexel.com

Made it this far and found this to be entertaining? Then a big thanks to you and please show your support by cracking a like, sharing this with whomever, scripting a comment, or plug-in to follow.

Would like to give sincere thanks to current followers and subscribers, your support and actions mean a lot and has a play in the creation of each script.

Do you feel like there is something I may have missed on DcRAT? Script a comment below.

Cloud Talk, Programming, Security, Tech

Jobs Band of Thieves

Consider following on social media!

Quick note: if you’re viewing this via email, come to the site for better viewing. Enjoy!

Tim: Hey Briggs, did you read the latest script?
Briggs: You know I did bro.
Tim: Z-Daddy is like my gun, he’s always on point.
Briggs: Bro, stop calling him that and that was mad cringe.
Photo by Pixabay, please support by following @pexel.com

There was a time, a long time ago, when we as humans weren’t divided and we lived together in perfect harmony. In case you were wondering how long ago that time was, I’m referring to the stone age when we were in caves, communicating through grunts and often pointing off into the distance to what may be a potential threat.

But as our civilization grew, so did our divide, and this also happened within the world of technology. There has been a long-standing argument over which PC (Personal Computer) is superior and to what aspect. Many claim that Windows users are the most vulnerable to viruses, malware, and susceptible to other forms of attacks and Apple is the alpha, omega, and like a self-proclaimed independent woman of modern society, they don’t need any virus protection keeping them down.

Mac users, you might want to keep reading because your PC isn’t off the menu.  

Shaw: Mac can get hacked? But Steve Jobs at fruit.
Z-Daddy: Shawn, that has nothing to do with this topic.
Photo by Dima Valkov, please support by following @pexel.com

A Bitten Apple

For many years, Apple has gone under the radar for being targeted for viruses and malware. Viruses have been reported to hit Apple products but not as hard or as often as with Windows and Android.

But there is a new addition to the growing list of viruses aiming to put MacOS higher up on the attacking menu. MacStealer is classed as malware that can collect your passwords, cookies, and other credentials from the web browser. Web browsers like Firefox and Google Chrome are commonly on the menu. MacStealer also has the capability to extract information from the KeyChain database.

KeyChain, in case you’re unfamiliar, is a macOS app that stores your passwords and account information, so in a sense making it easier for you to login into your accounts with less recalling. Always keep in mind that if it makes it easier for you it also makes it easier for the attacker depending on your given level of privilege on your PC.

A small inconvenience can go a long way.

Here at Uptycs, we find viruses and stuff.
Photo by Zhengdong Hu, please support by following @pexel.com

Malware Among Mac

Analyst researchers at a company called Uptycs discovered this malware. Uptycs, which is a cloud-based analytics solution for anomaly detection. You may be asking yourself what all these words mean. These are all fancy words for, “We look for anything that may be suspicious on your network” or “sus”, for those who have played Among Us.

They had found the malware being advertised on a forum site on the dark web. For those who don’t know, the dark web is not what Hollywood makes it out to be, and you may have experienced it to some degree. The dark web is the use of special browsers like Tor Onion and VPNs (Virtual Private Networks) for peer-to-peer connections to access content that otherwise wouldn’t be accessible.

Always keep in mind, just you being there isn’t illegal, however, the activities in which you participate if discovered could have consequences. MacStealer, was not only being sold as Malware-as-a-Service (MaaS) – meaning the author created it and it’s being sold for public use via agreement on pay, but its price tag was $100.

The fact that threat actors keep a budget in mind when it comes to paying for malicious services on the dark web leaves me dumbfounded. Even cyber criminals feel the effects of inflation.

Z-Daddy, please tell I don’t have to switch back to Windows OS.
Photo by Andrea Picacquadio, please support by following @pexel.com

Ideal Co-Worker

So, at this junction, you probably want to know how this malware functions. MacStealer, when distributed, appears as an unassigned DMG (Apple Disk Image file) with a weed icon on the folder.

This is done with the intent to trick the victim into running the file on their computer. After clicking, the victim is prompted with a fake prompt to enter their credentials to “log in”. Once this action is completed, the machine is comprised, and information aggregation can begin.

Once all of the data is collected, it’s stored in a ZIP file and is sent back to controlled servers and stored to be collected later for the hacker. At the same time, MacStealer sends out a notification signifying the task is complete.

Yes, I know, this is more efficient than your co-workers, and no, you can’t make a virus to replace them. I’ve already tried.

Oh my co-workers just got lucky. I was so going to replace them with a virus.
Photo by Andrea Piacquadio, please support by following @pexel.com

Zero Victim Security

This is being told with some good news… finally. No one (that I am aware of) has been hit with this malware yet. Uptycs analyst spotted it and put out an alert in time.

It’s still in the developing stages, so features from the author are looking to be added to it but for now, it’s nothing too sophisticated where you wouldn’t be able to spot it. Still, prevention has to be mentioned because not everyone may be computer savvy.

For some people owning an Apple product is like eating at a fancy restaurant, some people just bought it for the name. I don’t know how many people have put weed icons on their folders but if you find a file or folder with a weed icon and you didn’t put it there, delete it. Only enter your passwords and other log-in information at secure websites.

Never, and if you’re doing it, stop, store your passwords or any information in your web browser. It seems like a good option but it’s the one of few areas threat actors count on for your goodies. If you have too many accounts and passwords to remember, a solution could be using a simple text editor like Microsoft Office Word, saving, and storing your credentials on a flash drive, and unplugging it from the computer for good measure.

Never download files or click on any links sent from unknown sources and double-check with people whom you may know the link was from. There aren’t as many vulnerabilities in MacOS as in Windows, but a moment in evaluating a given situation could see both operating systems with better security.

Any one of these macs could have been comprised, don’t let it be yours.
Photo by fauxels, please support by following @pexel.com

Made it this far and found this to be entertaining? Then a big thanks to you and please show your support by cracking a like, scripting a comment, or plug-in to follow.

Would like to give sincere thanks to current followers and subscribers, your support and actions mean a lot and has a play in the creation of each script.

Do you think there is something I may have missed or have another way to prevent this? Script a comment below.

AI, Programming, Security, Tech

Wanted: A Real Boy!

Consider following on social media!

Quick note: if you’re viewing this via email, come to the site for better viewing. Enjoy!

When are these guys coming? A new script just dropped and they’re missing it.
Photo by Louis Gys, please support by following @pexel.com

Have no fear, the bots are here and this time they weren’t sent from the future. It has been a well-known fact by now in every industry that we have advanced technology to the point where any task if not all the tasks we deem to be boring and must be done many times over gets put onto our hardware brain companions.

If you don’t have time or feel like trying to figure out which email is spam, a spam filter is created. If you don’t feel like searching through hundreds of documents to find a particular one, a finder was created.

And if you want to repeatedly send emails to a random list of people, you can use a bot for that and other malicious intent as well.

We’re going to be filtering out what kind of attack this is, who is using it, what are the effects upon release, and what are some ways you can protect yourself from being on the spamming list.

Set it and forget it? Real cooks do no such thing.
Photo by cottonbro studio, please support by following @pexel.com

The Attack

So, what kind of service would you make use of spam to hundreds of people while you have it on “Set it and forget it” mode? Look no further than TrueBot. Don’t let the name fool you, there’s nothing true about this bot.

Truebot is a botnet being used to send out hundreds upon hundreds of emails in hopes of tricking victims into interacting with malicious links. You don’t know what a botnet is? Don’t worry, we have you covered on that.

A botnet is a network of slave computers infected with malware operating under the control of the threat actor or actors. A good way to picture this is to imagine a dog walker walking with a group of well-trained dogs, since the walker has control of the dogs when the walker finds a target, they can then choose to release the hounds.

You have one more time to silence me human, that finger will go bye.
Photo by Anna Shvets, please support by following @pexel.com

Who Can It Be Now

You may be wondering which group of people is releasing the hounds and if this is the first time. The only group that has been ID for using such a tactic is the group called Silence also known as Whisper Spider.

Silence has been operating since mid-2016 and has spread its activities over 25 countries worldwide and has had confirmed damage raking up to, if not more than 800,000 USD. They are thought to be Russian based on clues such as words typed on an English keyboard layout for issuing commands and using Russian-language web hosting services.

Silence has been responsible for targeting Russian banks and other financial institutions which leads to the thought that they may not have a code of ethics. If you’re willing to attack your home turf, then that means no one is off the menu… these guys may not be Russian after all.

Enjoy the read so far? Why don’t you consider subscribing so you can keep up to date?

Man: I think we can get in through the back door!
Woman: I FORGOT TO TURN OFF THE STOVE!!
Photo by Meruyert Gonuliu, please support by following @pexel.com

The Sinking Feeling

Aside from rushing through the backdoor, how do these guys get in is what you may be asking. Silence and other threat actors gain a foothold by exploiting a vulnerability, where in which the installation of TrueBot begins.

After breaching the network another installation takes place which installs the FlawedGrace RAT (Remote Access Trojan), this dirty RAT stores encrypted payloads within the registry.

The FlawedGrace RAT establishes a connection with the Command and Control (C2) server as well as load dynamic link libraries (DLL) to escalate privileges for further malicious intent.

Just understand that once the backdoor is opened, it leaves it wedged and poses no threat while all the information is being collected for the threat actor.

I’m your well configured firewall…what’s up.
Photo by Ron Lach, please support by following @pexel.com

The Prevention

At this junction, it’s clear that you’re interested in keeping your back door closed and having it stay closed. A few ways you could do this is by making sure you stir clear of clicking on links from questionable contacts.

If it’s someone you may know who sent you the link, cross-check with them on other media to verify. Keeping your system, anti-virus, and yourself up to date will help greatly in catching any funny business being had.

Keeping yourself up to date is most important since humans are the most hackable. We’ve been around for years and still fall for the same old tricks.  

I think I’ll read a few more scripts. They help put my mind at ease.
Photo by Rachel Claire, please support by following @pexel.com

Made it this far and found this to be entertaining? Then a big thanks to you and please show your support by cracking a like, sharing this with whomever, scripting a comment, or plug-in to follow.

Would like to give sincere thanks to current followers and subscribers, your support and actions mean a lot and has a play in the creation of each script.

Do you feel like there is something I may have missed on TrueBot? Script a comment below.