Dislike cyber__ terms | @HardHatBrigade | Perpetual Newb | Meyers-Briggs: IDGAF | !Serious Account | ex-Payphone Purveyor | on infosec exchange | views my own

Joined July 2014
A comprehensive look at cryptocurrencies and NFTs, and how it's mostly a scam. 💯
Line Goes Up - The Problem With NFTs youtu.be/YQ_xWvX1n9g
MrBill // wardrive every day // retweeted
Someone showed me this on Telegram. It is very silly. It is clearly masquerading as "Free GPT and Claude". Anyone with half a brain knows this is malicious, but people will still fall for it. People asked what it is. I have some free time. I poked it with a stick.

People discussing it said it is XMRig. That is not entirely accurate. This is not XMRig. This is flagged as XMRig by Triage and VirusTotal because it does indeed drop XMRig, but it is much more than that. This is a (maybe new) information stealer packaged with XMRig as a double whammy.

This malware is interesting because of a few things:
1. It is position independent; they care enough to be evasive and strip out a majority of dependencies. This is usually indicative of more serious malware.
2. The .zip it delivers from the "Free GPT and Claude" is intentionally bloated (payload inflation). It is 97MB, which may evade a majority of anti-malware products (initially) due to its large size. It packages itself with FFmpeg and various other audio codecs.
3. It accesses Microsoft Outlook e-mails, accesses Chrome stuff using the COM IElevationService, and looks for any SFTP credentials.

It (currently) does not have any matching YARA rules from AV vendors. The closest approximation is LummaStealer. My knowledge base on the Information Stealer scene is out-of-date (it changes a lot). However, on first initial glance this appears like a new information stealer. Again, this should be taken with a grain of salt. It's also worth noting the domain it exfiltrates to does not appear in any malware reports. The domain is unique, and the payload does not match any existing YARA rules (its behavioral characteristics do, but not a specific malware family), so this is actually a pretty interesting sample. A lookup though shows this is an emerging malware campaign. It first appeared around the end of May. This is (probably) a known Threat Actor who has switched it up a bit (or it's MaaS, whatever though).
The malware appears online masquerading as various products:
- ecore-sourceproject
- LogiDA
- GPT_Claude_Free
- CortexSystems.v3.4.2.Stable
- TikTokBot-v2.2
- CortexLauncher

Funny enough, this malware would have been much, much, much, MUCH more evasive if they didn't package it with XMRig. VirusTotal and Triage immediately flagged it because, after it establishes persistence and steals any credentials on the machine, it pulls XMRig to turn into a cryptocurrency miner. If they did not pull the XMRig binary this stealer would be much quieter. I have no idea why they decided to burn their OPSEC with XMRig.

C2: dfwioeiofwr-dot-info

Payload (and associated families from the C2)
MrBill // wardrive every day // retweeted
The restoration of a Singer 201-2 I have been working on is complete. It was pretty rough when I got it but it's running super smooth now. Lots of rust removal and refinishing. It should be good for another 90 years.
MrBill // wardrive every day // retweeted
Recon badge has arrived!!! Thanks to electronic cats electroniccats.com/
💯
It cleanses you of any unethical actions you do and blame on the AI. A fresh start of sorts. (@M0nkeyDrag0n gave me the idea that I can use AI and avoid any accountability for results)
😬
Turing test win: We are dating. I am your girlfriend. AI: OK I buy a dress that makes me look fat. I ask you if the dress makes me look fat
Go through your timeline and look back at your posts about AI. Not recommended if you are already feeling depressed.
Now is a good time to watch @PersonInterest before the government tries to convince you that unleashing AI on everything is "for the greater good".
MrBill // wardrive every day // retweeted
autonomous robot driving through the field at night. no chemicals. no pesticides. just UV light killing pathogens and pests while everyone sleeps. this is @tricrobotics. this is what chemical-free pest control looks like at scale.
MrBill // wardrive every day // retweeted
the saga continues: testing suspicious amazon cables 👹
MrBill // wardrive every day // retweeted
Yes we have a YouTube channel 😁 What are you putting on your hat? youtube.com/shorts/Zwlu0LS9C…
MrBill // wardrive every day // retweeted
🚨 Attackers hijacked 400 Arch #Linux AUR packages by taking over abandoned projects and changing their build scripts. The payload stole developer secrets, targeted tokens and SSH keys, and could hide with an eBPF rootkit if it ran as root. If you used AUR after June 11, check your system. Details ➝ thehackernews.com/2026/06/ov…
MrBill // wardrive every day // retweeted
"Flock says its security technology is used by more than 1,000 businesses, which includes some massive retail chains and shopping centers." Well, who's ready to ID the other 1000 businesses? #Surveillance #Privacy springfieldnewssun.com/local…
MrBill // wardrive every day // retweeted
🚨 BREAKING: More than 400 Arch Linux User Repository packages have been compromised with infostealer malware and a rootkit. Attacker posed as a trusted maintainer and "adopted" orphaned packages. Arch maintainers are purging infected packages now. Audit your AUR installs.
MrBill // wardrive every day // retweeted
Most people posted photos online to share memories with friends and family. They did not expect those images to become part of a massive facial-recognition search system used by government agencies. That deserves a much bigger public debate. #Privacy #Surveillance
MrBill // wardrive every day // retweeted
Wtf is this pro-flock bs pouring from all the holes highlighting one single questionable case. Clearly paid propaganda. Flock is about slavery, not safety. “Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety” Benjamin Franklin, 1755.
RT @wongmjane: Just made the “SF simulator” infinitely and procedurally generative à la Minecraft, using Claude Fable. Things like terrain,…
MrBill // wardrive every day // retweeted
Jun 11
I somehow got 20 DEFCON tickets to give away next week, stay tuned for that